Since our migration to Office 365 we are seeing a few new forms of phishing attempts coming to our users. In case you need a reminder, phishing is a method through which bad actors attempt to gather personal information — including usernames, passwords, credit card numbers and more — through malicious email links or attachments. These requests may come from UNC addresses, the email addresses of your clients and customers, and from unknown email accounts.
Please be on the lookout for the following scams in email or by phone:
- Emails asking you to confirm your Office 365 email account credentials.
- Emails warning that you will lose your email access if you do not do XYZ.
- Requests to share files via OneDrive for people you know (or don’t know).
- Phone calls from “Microsoft” about problems with your computer.
- Phone calls from “UNC IT” about problems with your computer (Problems that you did not report or ticket.).
- Phone calls from “Tech Support” about problems with your Office 365 account (Problems that you did not report or ticket.)
- Bank or other financial notices that contain a link to the banking website.
Suggestions to stay safe:
- Do not type your Onyen credentials into unknown websites, even with UNC logos.
- When in doubt, do not share OneDrive folders.
- When in doubt, hang up on unknown “IT” people offering help.
- Doubt all password and sharing requests from people you have not spoken with about the request.
- Do not use your UNC computer for any personal financial work: banking, taxes, insurance, etc.
Why someone might want to gain access to your accounts:
- Phishers and fraudsters need accounts from which to send emails.
- An email from a trusted co-worker is more convincing than one from a stranger.
- Your computer content and OneDrive content may contain SSN or financial information.
- Your computer often has saved passwords for websites and email accounts that can be used for other attacks.
- Your computer, if compromised, can be used to attack other devices inside and outside the UNC network.
- Your password, if exposed, can be used to send emails that appear to be from you and your account.