Dear faculty and staff,

I write today to thank you for your continued attention to the problem of phishing on our campus. While your vigilance has reduced overall compromises, the severity of successful compromises has increased. For this reason, we plan to require 2-Step Verification for all email accounts starting in November. Please, though, do not wait. Protect your account now by turning on 2-Step. You can follow the instructions at the end of this message.

Phishing and Identity Theft

Phishing is more than just clicking on a few links and accidentally giving up credentials. Phishing leads to identity theft and all the challenges that come with it. Allow me to share recent examples on our campus.

Over the summer, many individuals were tricked into providing their Onyen and password after receiving an email that appeared to be from the Chancellor. The email did not come from her account and was poorly written, but those errors were missed during a quick skim – not unusual in today’s fast-paced work day. In one case, phishers had embedded themselves and monitored an individual’s account for weeks and were able to change payroll direct deposit information.

In another case, phishers charged thousands of dollars to credit cards of an individual who was storing credit card info in his/her email. Thankfully, both victims acted quickly enough to recover their money.

In still another case, an individual’s personal identity was stolen. Criminals used that stolen personal information to answer all of the challenge questions for resetting the victim’s Onyen password. Then, the thieves used the individual’s email account to launch more phishing attacks on campus. Thanks to fast action by the individual and the ITS Service Desk, we were able to quickly disable and restore that account.

Too often we think of phishing as a “campus problem.” But criminals don’t care how or where they get your financial information and don’t differentiate between your personal and professional accounts. Criminals use all information available to target you. For this reason, we strongly encourage you to sign up for 2-Step for email prior to November 1. For your additional protection, we also recommend you use 2-Step on all accounts that offer it, including Amazon, Google, Apple, LinkedIn, banks, retirement accounts, etc.

How to Sign Up Early for 2-Step Verification on Email

To set up 2-Step for Microsoft Office 365, follow these steps:

  1. Visit onyen.unc.edu and click on “2-Step Verification for Office 365.”
  2. Follow the quick on-screen prompts to opt in to 2-Step Verification.
  3. Visit office.unc.edu to finish your 2-Step enrollment.

You will need to download the free “Microsoft Authenticator” app to your mobile device to complete enrollment. You can visit its.unc.edu/2-step for more information. Additionally, you can contact the ITS Service Desk at 962-HELP (4357) with any 2-Step support needs.

Thank you for your continued partnership in keeping the University’s digital resources safe.

Chris Kielt

Vice Chancellor for Information Technology & Chief Information Officer.

Comments are closed.