The morning of March 1, 2017 university officials learned of an ongoing phishing attack targeting UNCG users. UNCG users were being targeted by one or more campaigns designed to appear to be communicating university safety and security information.
What did the phishing emails look like?
- The subject line of the email was “CAMPUS SAFETY NOTIFICATION” or a similar variation
- The email sender was NOT a uncg.edu address
- The email message stated that a security situation required the recipient to “follow protocols as outlined in the hyperlink”.
- The email contained a link to a non uncg.edu website
- The email was signed by the name of person who is not affiliated with the university
The phishing campaign was an attempt to socially engage targets of identity theft. This is a strategy known as a ‘social engineering attack.’
Examples of illegitimate websites used for identity theft, including screenshots, are available at the ITS website: UNCG Phishing Gallery.
Do you have to do anything now?
- ITS has taken measures to remove these particular phishing messages from the system.
- Do NOT respond to the email.
- If you have not yet done so, delete the email.
- There is no reason to believe that simply by being a recipient of the email you are compromised. If ever you suspect that you are compromised, you should immediately reset your password via https://reset.uncg.edu and then contact 6-TECH for additional steps.
Be aware that having received one of these emails, you are more likely to receive subsequent ones. ITS also encourages users to enroll in “2-Factor Authentication” via its.uncg.edu/2fa for additional security.
General information about identifying phishing links
Usually you can tell whether a link is going to the appropriate place by hovering over the link and checking to see if the text of the link is the same as the actual target of the link.
ITS reminds users to never reset their password on any site except the official reset.uncg.edu website. ITS also reminds users to be extremely careful which websites they provide their UNCG password to. Most UNCG websites will be located at URLs that contain “.uncg.edu” directly before the first forward slash. For example, if you look at the URL when you log in to your UNCG iSpartan email account, it will appear as https://idp.uncg.edu/idp/Authn/UserPassword. Seeing “uncg.edu” appear directly before the first forward slash will prove it is a trusted website. For other examples like this, look at the URL when you are logging into other campus services like Canvas, Box, Qualtrics, and Office365. They will appear the same.
In some specific cases, official UNCG services are provided at other URLs that may not contain “uncg.edu” before the first forward slash. In those situations, if you are suspicious or confused as to whether it is a trusted website, contact the UNCG office providing that service before entering your username and password.
If you have questions or need more information, please contact 6-TECH at (336) 256-TECH (8324) or 6-TECH@uncg.edu.