Skip to content

Phishing: Don't Take the Bait

April 20, 2018
By Ann Kovalchick
Associate Vice Chancellor and Chief Information Officer
Office of Information Technology
 

The Office of Information Technology has recently seen an uptick in fraudulent emails circulating through our system. I’d like to take this opportunity to let our students, faculty and staff know about the circumstances surrounding compromised accounts and what you can all do to limit the amount of spam that you receive.

 
Office 365 implicitly trusts email messages that are sent internally—from one UC Merced address to another—so when a member of the UC Merced community clicks on a link in an infected email and is successfully phished, those accounts then become very effective tools for the phishing of additional accounts.
 
We can help to fix this problem by educating ourselves and our colleagues about phishing and cybersecurity more broadly. As an institution of higher learning, stewards of state resources, and in many cases gatekeepers to extremely sensitive information, every member of the UC Merced community has the responsibility to stay informed and vigilant about cybersecurity. To that end, you may refresh your knowledge about phishing here and be sure to report any new security incidents here .
 
Some specific reminders:
  • OIT will never request your password via email.
  • Messages suggesting your account will be locked, access suspended, etc are almost always fraudulent and should be reported/deleted.
  • Unsolicited job offers for "work at home" student employment opportunities are almost always fraudulent and should be reported/deleted.
 
In addition, OIT is working to deploy improved email threat protection later this year. This project should help to minimize the amount of fraudulent messages we see in the future. More importantly, we will be much better able to limit the damage that compromised accounts can do when we roll out multi-factor authentication (MFA) to the campus this fall. Both of these initiatives will require individuals to make modest adaptations on their devices and applications, but will provide considerable defenses against spam and phishing expeditions.
 
Thank you for your assistance as we work together to limit the risk and annoyance of these fraudulent messages to our campus.