Information Technology Services has recently seen a substantial increase in the number of phishing attempts targeting the University of Nebraska System. While the security tools can catch and stop most of these attacks, the best defense against cybercrime is staying alert and informed about the ways you may be targeted.
Always be skeptical if you receive a suspicious email. These messages may appear to come from a university email address and ask for personal information. Watch for grammatical errors and ask yourself if you would normally receive that type of email from the person/organization that sent it.
If you receive a suspicious email, use the “Report Phish” button in your Microsoft Outlook toolbar to report it to the ITS team. Reporting suspicious messages this way prevents potentially dangerous links and attachments from being shared across our network and provides additional details on the message that ITS can use in addressing the issue.
If a suspicious email comes to your personal email account outside of Microsoft Outlook that looks like it could be from a NU email address, please let the ITS team know by emailing its-sec-ops@nebraska.edu.
Many university systems utilize Two-Factor Authentication, provided by Duo, which adds an extra layer of protection for online systems. However, it’s important that you never approve a Duo notification unless you are certain you initiated the security check. If you receive a notification from Duo that you’re uncertain came from you, hit Reject in the Duo app.
Cybersecurity training is available to all students, faculty and staff in Bridge (https://nebraska.bridgeapp.com/learner/category/20). ITS encourages everyone to complete training on phishing so that you’re mindful of what these types of emails look like and what you should/shouldn’t do if you receive suspicious messaging.
Additional Security Tips
Do not respond to any suspicious emails
If you receive an email asking you to review a document or click on a link, check with the sender of the email first, preferably via phone, to make sure it is a valid request
Verify who sent an email by hovering your mouse over the sender’s name
Never accept cash or checks from someone you don’t know or an unknown organization