The following Memorandum was emailed to all UNCG students, faculty and staff on January 7, 2016.
TO: UNCG Community
FROM: Provost Dana Dunn
Vice Chancellor Charles Maimone
Vice Chancellor Jim Clotfelter
DATE: January 7, 2016
RE: New Phishing Protections
During the past several months, UNCG and other campuses have seen a significant increase in the number of “phishing” attacks. Phishing is the act of attempting to gain personal information via email for the purpose of identity theft. For more information, please refer to Protect Yourself Against Phishing Attacks and the ITS Phishing Gallery web site.
Over the course of the next few months, we will implement additional measures aimed at limiting these and other information security attacks. None of these efforts can be fully successful without your cooperation and, because no user is immune from these attacks, additional requirements for all UNCG email service users will be necessary to protect valuable personal and institutional data and resources.
Below is a description of current and future anti-phishing initiatives, including required training and user validation steps:
- SPAM Processing (active)
In December 2015, Information Technology Services (ITS) implemented stronger filtering criteria for processing spam. Users are advised to check their spam file to identify any valid addresses that might be filtered by this new criteria.
- ITS Proactive Monitoring of Email from Spoofed UNCG.EDU Addresses (active)
Proactive Monitoring assists in the identification of “spoofed” emails, where a non-UNCG person appears to be sending emails with a UNCG address.
- ITS Ability to Remove Phishing Emails from Individual Accounts (active)
Phishing emails can be removed from mailboxes before they are opened. This will reduce the likelihood that recipients will see the email and click on a link to a phishing website.
- Verified Campus Communications Repository (available 1/8/2016)
UNCG campus-wide email communications will be stored in an online repository, to allow users to verify authenticity. Initially, this will be limited to email from the Chancellor’s Office, the Provost’s Office, University Relations, University Police, and ITS.
- Security Awareness Training and Education (available 2/1/2016)
Understanding security best practices, including increased phishing awareness, is essential to securing the University’s information assets. At our request, ITS has developed an online security awareness training module that will be availableJanuary 31, 2016. All faculty and staff must complete this training within 90 days.
- Improved Compromised Account Processing (available 2/1/2016)
ITS will take steps to remediate compromised accounts more quickly.
- Multi-factor Authentication (MFA) (available 2/15/2016)
MFA will require user validation beyond a User ID and Password to give an additional layer of security at login. Employees with access to data classified as “high risk,” and users compromised a second time, will be required to use MFA. A supervisor can require that his/her staff use MFA. Other users are encouraged, but are not required.
ITS will coordinate these efforts with units that may be affected.
As always, ITS reminds you to confirm the safety of all links in electronic communications by hovering over them with your cursor and confirming legitimacy of the destination. In addition, never click on unverified website links and report suspicious messages and links to 6-TECH at (336) 256-TECH (8324) or 6-TECH@uncg.edu.
This email is an official communication from the University of North Carolina at Greensboro. You may verify official university emails by checking the Verified Campus Communications Repository. If you have questions about the VCCR, or the authenticity of an email message you have received, please contact the sender of the message or search the UNCG website for “VCCR”.