The Office of Information Technology says cyber criminals are sending phishing emails to universities to steal their employees’ direct deposit paychecks. The email attacks have been employed on the campus of at least one Triangle university.
To protect yourself against cyber theft, be sure to:
- Never give out your Unity ID and password. NC State IT personnel will never ask you for this.
- Always access your employee information via the MyPack Portal link on the NC State home page.
- Look out for replica websites—both good and bad—of the university’s single sign-on screen. (See Don’t Get Hooked by Phishing!)
- Never open any email or attachment from someone you don’t know. If you’re not expecting it, don’t open it unless you verify it with the sender.
- Always hover over a link to verify its intended location. Never click on suspicious or unrecognized links in emails, including those from NC State.
- Activate Google’s 2-Step Verification (makes your accounts and documents more secure).
If you believe you have responded to a phishing attack, do the following:
- Change your password immediately.
- Confirm your direct deposit information in MyPack Portal.
- Delete any Gmail filters that may be redirecting your email.
Be vigilant. These and many similar phishing attacks are a constant and can be extremely damaging to you and the university. Forward any suspicious email with an ncsu.edu address to firstname.lastname@example.org or call the NC State Help Desk at 515-HELP (4357).