Skip to main content

This week for Cybersecurity Awareness Month we look at fraud and phishing.

Email is the most commonly used way of attacking a large enterprise such as UNC-Chapel Hill. Email attacks require minimal resources to launch and are difficult to defend against. The two main types of attacks are malware and phishing:

  • Malware (malicious software) is sent as an attachment or a link with the goal of infecting the user’s computer. Malware works by stealing data stored on your computer, by taking control of your computer or by spreading to other connected systems.
  • Phishing emails appear to be sent from a legitimate source in order to trick you into providing your login credentials (Onyen). Those credentials are then used to send spam, compromise other users, or attempt unauthorized access to privileged information.

Phishing attacks and scams have thrived since the COVID-19 pandemic began in 2020, and today, phishing attacks account for more than 80% of reported security incidents.

Cyber criminals use phishing tactics, hoping to fool their victims. If you’re unsure who an email is from—even if the details appear accurate— or if the email looks ‘phishy,’ do not respond and do not click on any links or attachments found in that email. When available use the “report phish” or “report” option to help your organization or email provider block other suspicious emails before then arrive in your inbox.

You should see a new button (added in September) in your Outlook header labeled “Report Message.”

Report Message button

If you receive a suspected phishing message, simply click the “Report Message” button and select “Phishing.” The report will forward immediately to Microsoft to be evaluated. If it is confirmed to be a phishing message, Microsoft will remove the bad message from all our mailboxes and block it worldwide. One report from you can save thousands of coworkers from having to see that message.

Because phishing has become so financially profitable, it’s important that you review any email you receive before opening an attachment or clicking a link. Clues that an email is a phish include suspicious formatting, language requesting urgent action be taken regarding an account, poor grammar from a known ‘Sender,’ etc. Users should immediately report suspicious emails using guidelines on the ITS Phish Alerts webpage. One of the most effective protections against phishing is 2-Step Verification. Should you receive an unexpected 2-step notification, it is a sign that you need to contact the ITS Service Desk immediately. Never accept a 2-step notification that you did not initiate.

If you’d like more information about any of this, contact your local IT support or your Finance and Operations IT Security Liaison Dan L. Barker at

Comments are closed.