The University of Utah’s Information Security Office (ISO) has reported a sharp increase in phishing and other types of cyberattacks targeting university student accounts, which have resulted in a growing number of compromised uNID accounts.
The attackers are using phishing and social engineering to gain access to users’ uNID login information, including obtaining the answers to account security questions.
The phishing attacks often impersonate U faculty, staff, students, or organizations to obtain a person’s uNID and password, usually through an email asking the user to verify their account details with a link that redirects to a fake login screen. The social engineering attacks involve manipulating users into performing actions (e.g., buying gift cards) or divulging confidential information.
In addition to obtaining users’ personal information, recent attackers have used a combination of phished and socially-engineered information to reset user passwords, allowing the attackers to keep using compromised accounts even after the password has been changed.
To protect yourself against phishing and other cyberattacks, please help educate your users so they use these IT security best practices:
- If you’re not already doing so, use multifactor authentication for your university and other online accounts. Students are strongly encouraged to proactively begin using Duo Security two-factor authentication (2FA), available at no cost, to better secure their uNID accounts.
- If you believe you’ve been the victim of a phishing attempt or other cyberattack through your uNID account:
- Forward the suspicious email as an attachment to firstname.lastname@example.org.
- If you opened a questionable link or answered a suspicious email and divulged your login credentials, answers to your security questions, or other sensitive information, immediately go to CIS and change your password, then call your central IT help desk to report the attack:
- Main campus, 801-581-4000, option 1
- University of Utah Health, 801-587-6000
- Students whose accounts have been compromised will be required to begin using Duo 2FA. Employees are already required to use Duo for their uNID accounts.