Attention! Your email password expires in two hours. Click here to change it or access will be denied.
We’ve upgraded the unl.edu security system. Kindly click here to update your account.
Attached are secured PDF copies of your shopping documents. Click here to view the documents and track your shipment.
The University of Nebraska posted two messages for you on the Blackboard Learning System. Log into the portal here.
Each of these is an example of a phishing attack that recently squirmed through security filters and into University of Nebraska–Lincoln email inboxes.
Before we dive into how to protect yourself and the university from an increasing array of these data/access-seeking assaults, know two things:
UNL will NEVER ask students, faculty or staff for login credentials via a link in an email. So, DO NOT click any link that asks you to log in; and
Be cautious when opening email. If a suspicious email asks for a click to log into a secure site, do not trust it. Instead of clicking the link — which could be designed to steal your login information and/or install malicious software on your computer — open a web browser and go to the site directly. Also, do not open attachments in suspect emails. These attachments can contain a virus or a malware installer that can infect computers.
Now, on with the story about how you can be the phish that got away.
“We’ve definitely seen a uptick in the total number and sophistication of the phishing emails targeting UNL,” said Cheryl O’Dell, senior information security analyst with UNL’s Information Technology Services. “More than 90 percent of the phishing and spam email sent to UNL accounts is blocked before it is delivered. Students, faculty and staff need to be wary of that remaining 10 percent.”
Information about the most recent and convincing phishing attacks directed at UNL is available at http://phishing.unl.edu. The website also includes details on how to spot phishing messages and what to do if faculty, staff and students receive a suspicious email.
“If you suspect a message is a phishing attempt, forward it to our security team at security@unl.edu,” O’Dell said. “When alerted to these emails, we stop what we are doing and assess it immediately. If it is crafty and has the potential to trick people, we block the associated URL and issue an alert.”
The alerts are posted to the phishing website and to individuals who received the message.
Members of the campus community who receive a phishing message and click through a link within should contact the ITS security team via email to security@unl.edu or call 402-472-3970. Those individuals should also immediately change their UNL password.
“Once they get your login credentials, these hackers can log in to any UNL site and they can possibly get access to your Firefly account,” O’Dell said. “You may think no one would want access to your account, but there are people out there who do.
“They want access to our fast internet connection so they can start hacking away at other campus systems and services.”
To help increase awareness about cyber security issues on campus, ITS has launched “Cybersecurity Thursday,” a series that will offer information on related topics at a booth in the Nebraska Unions during lunchtime. The first session, which will focus on phishing, is 11 a.m. to 1 p.m. April 14 in the Nebraska Union. Future “Cybersecurity Thursday” sessions will be posted on the UNL events calendar.
The university is also building safeguards into official UNL login interfaces. The measures — which include a padlock icon and clickable green bar in the address bar of a browser — are designed to give users greater assurance that they are logging into a genuine UNL website. For more information on the new login safeguards, click here.
Other methods to protect campus computers include keeping computer software up to date and installing free antivirus software available for all UNL students, faculty and staff.
“The best thing faculty, staff and students can do to protect themselves from these phishing attacks is to be cautious,” O’Dell said. “Also go to the UNL phishing website and be aware of what kind of attacks we are receiving and what you can do to prevent them.”
For more information on information security at UNL, click here.