Information Security
October is Cybersecurity Awareness Month
The University of Chicago is proud to be a 2022 champion!
Join us as we share weekly cybersecurity tips, helpful resources, and events posted on our Cybersecurity Awareness Month website.
Information Security Training
Read our FAQ for more information about Core Information Security Awareness training.
How can we help you?
- Report a possible phishing attempt
- I need to complete Security Awareness Training
- I need to reset or recertify my CNetID or password.
- I want to know how to use two-factor authentication.
- I need an SSL, code signing, or some other kind of security certificate.
- Report a possible compromise or other security incident
- I have a question about security for my application or have my application reviewed.
- My account was locked for spamming or due to some other security issue.
- I need access to phone records, emails, or other data for an investigation or personnel matter.
- I’m traveling and received an email asking that I contact the security team.
- My computer or phone was blocked from the network due to a virus detection.
- I want to send the security team a report about a security vulnerability or some other issue I discovered.
- A website I tried to visit is blocked and erroneously listed as suspicious. What do I do?
IT Policies
Refer to the University’s official IT policies regarding data security and use of copyrighted material.
Training and User Guides
Complete security training and get user guides for helpful security tips and advice.
Phishing Alerts
Listed below are the latest phishing scams that have been acted upon by Information Security. Think you’ve received a phishing email? Don’t click it, report it.
Email Scam (Sep 28, 2022): NEW MARKETPLACE LOOK LOOKSREWARD
Date: Sepetember, 2022 From:Jaylene Addington <eboukwkoondb@131fz[.]ru> Note: We have seen multiple variations of the email above. Be cautious and vigilant while responding to such emails.
Email Scam (Sep 17, 2022): You have outstanding debt.
Note: Allowing an entire uchicago.edu domain or your own @uchicago.edu email address in your Safe Senders List is problematic as well, as scammers can spoof your own address as the sender, making it appear as though your account was compromised, or masquerade as a...
The University of Chicago ( Final Notifications ) (Sept 15, 2022): Credential Stealing Phish
Date: Thu, 15 Sep 2022 Subject: The University of Chicago ( Final Notifications ) Our records indicated that your Office365 has two different logins with different 'University/College' portals. Kindly indicate the different login as soon as possible. To avoid...
Security News
Check here for the latest security alerts that may affect you.
Text Message Scam ( August 9, 2022 ): SMS Impersonation of University VIPs
Date: August 9, 2022 From: +(213)205-5089 The following is part of an example of what a UChicago user saw and responded to the initial scammer message. We have currently observed some scam campaigns through phone text (i.e. smishing) where the attacker tries...
Cybersecurity First – Oct 25, 2021
Cybersecurity is a Team Sport Cybersecurity is a shared responsibility, and the University of Chicago’s security efforts will only be successful when all members of the campus community understand the risks and take steps to avoid them. We offer the following tips to...
Cybersecurity Career Awareness Week
Cybersecurity is a dynamic and rapidly growing field, with new threats and challenges emerging each day. And with that, there is a huge push being undertaken by both business and education sectors to attract individuals toward a degree and career in cyber. Whether...
Protecting Yourself Against Ransomware Attacks
In week 1 of Cybersecurity Awareness Month, we focused on educating you on the different types of phishing attacks we have seen and that many have reported receiving in the UChicago community. The most important element in a successful phishing attack is the human...
5 Ways to Outsmart a Social Engineer
“Social engineering” is a newer term for an age-old pursuit: tricking people. Whether you use the modern-day terminology or opt for longer-standing classifications (like conning, hustling, and swindling), the result is the same. Scammers aren’t afraid to tell lies—...
Ransomware Attacks
Ransomware attacks are one of the most serious cybersecurity threats we face at the University of Chicago. Ransomware is a type of malicious software that steals user data, disables the user system, and then demands payment from the victim in order to reenable system...
3 Steps to Fight Phishing
Chances are good that at some point you’ve received a suspicious email urging you to click on a link or open an attachment. This email was most likely an example of the cybercrime known as phishing. Phishing is when cybercriminals send malicious emails designed to...
3 Tips to Managing Passwords and PINs to Avoid Account Compromise
We have so much to remember every day. Add to that the dozens (or more) passwords and PINs we must remember in order to log in to work and personal accounts, and it’s easy to feel overwhelmed. And when we’re overwhelmed, it’s easy...
3 Facts About the Internet of Things (IoT) and Guide to Best Practices
It’s likely you own one or more items that are part of the Internet of Things (IoT). This collective term is used to describe a growing number of consumer, medical, and business items that are used to sense, control, and communicate data and activities. The IoT has...
3 Wi-Fi Habits to Adopt Today
Studies have shown that most mobile device users — even those who are security-savvy — tend to throw caution to the wind when it comes to connecting to open-access, public Wi-Fi networks. Public networks are displayed in the list of Wi-Fi networks without a lock icon....