The University of North Carolina at Chapel Hill
Skip to main content

Safe computing is everyone’s responsibility

Information security plays a vital role in protecting the confidentiality, integrity, and availability of information at the University of North Carolina at Chapel Hill. To do that, we need you to be responsible users of the University’s network and computing resources. This website will provide you with guidance on important issues as you study, research, teach, and work at the University.

Latest News & Tips

  • Image

    Phish that Delivers Remote Access Tools

    We’re seeing an increase in phishing that attempts to trick you into installing a remote access tool (e.g., ScreenConnect, LogMeIn, AnyDesk, etc) on your device.  We’re also seeing these scams deliver “Adversary-in-the-Middle” credential harvest pages like what is described in this article; be wary of either threat. Important takeaways If you believe you may have provided unauthorized remote access to your computer, immediately notify UNC… Read More about Phish that Delivers Remote Access Tools.

  • Computer with lock symbol

    Phish that Defeats MFA

      This technique defeats weaker, non phish-resistant, forms of MFA which includes telephony (voice call or text/sms) and app-based (push notification, with or without number match, or one-time passcodes).  If you think you may have exposed your credential in this type of phishing:  Change your onyen password as a precaution, immediately  Report the message as suspected phishing  Notify UNC ISO to review your account for… Read More about Phish that Defeats MFA.

  • Image

    Software as a Service Guidance

    This post is intended to collect some relevant guidance about security [mis]configurations or behaviors which have led to security incidents for popular Cloud-based Software as a Service (SaaS) applications   The main takeaways are If your software will store or process UNC Sensitive Information, you must consult with the UNC Data Governance and ISO Risk Management Teams via the service request.  If you have departmental… Read More about Software as a Service Guidance.

  • Image

    Phish with Captcha

    In the phishing example below, an adversary has gained access to a trusted contact’s email (possibly they were the victim of a similar phish) and sent the following phish to members of their contact list. Here we’ll summarize specific red flags in each frame Be wary of changes in behavior. If the sender has never previously used this sharing method and/or if you’re not expecting… Read More about Phish with Captcha.

Read All News & Tips Articles

September 6, 2023

I-T-S