Stay Protected From Email Phishing Scams

No matter the time of year, scammers can target your email inbox looking to steal your personal information. While our security tools can catch and stop a majority of these kinds of attacks, the best defense against cybercrime is staying alert and informed about ways you may be targeted.

Each month, millions of emails are blocked across the University of Nebraska system and many of these suspicious emails can look like official or legitimate requests for information. Some of the highest-risk emails are those that get sent from authentic-looking accounts because they are copying actual unomaha.edu email addresses.

Always be skeptical if you receive a suspicious email. These messages may appear to come from a university email address and ask you for personal information. Watch for grammatical errors and ask yourself if you would normally receive that type of email from the person/organization that sent it.

Receive a Suspicious Email?

Microsoft Outlook has the option to add a "Report Junk" to your toolbar. Use the three dots in the upper-righthand corner of your email app to make this addition if you don't have it already. If you receive a suspicious email please use this tool to report it to our ITS team. Reporting suspicious messages this way prevents potentially dangerous links and attachments from being shared across our network and provides additional details on the message that ITS can use in addressing the issue.

If you receive a notification from Duo that you’re uncertain came from you, hit Reject in the Duo app.

If a suspicious email comes to your personal email account outside of Microsoft Outlook that looks like it could be from a UNO email address, please let the ITS team know by emailing its-sec-ops@nebraska.edu.

What to Do If You're A Victim

If someone believes that they have clicked on a phishing link they should immediately change their password and then open a ticket through the UNO Help Desk so that they can investigate the issue. We typically do not ask an individual in this situation to contact public safety unless they have suffered identity theft, financial loss, or abuse/harassment.

Two-Factor Authentication

Remember that many University systems utilize Two-Factor Authentication, provided by Duo, which adds an extra layer of protection for online systems. However, it’s important that you never approve a Duo notification unless you are certain you initiated the security check. If you receive a notification from Duo that you’re uncertain came from you, hit Reject in the Duo app.

Educate Yourself

Cybersecurity training is available to all students, faculty and staff in Bridge. ITS encourages everyone to complete training on phishing so that you’re mindful of what these types of emails look like and what you should/shouldn’t do if you receive suspicious messaging.

Additional Security Tips

• Do not respond to any suspicious emails

• If you receive an email asking you to review a document or click on a link, check with the sender of the email first, preferably via phone, to make sure it is a valid request

• Verify who sent an email by hovering your mouse over the sender's name

• Never accept cash or checks from someone you don't know or an unknown organization