Information Security
Community Spring Shred Fest
IT Services is proud to partner with R4 and the Office of Sustainability for Spring Shred Fest!
Help protect yourself from identity theft! Bring documents that contain your personally identifiable information (PII) – such as bank statements, credit card applications/statements, receipts, tax returns, medical records, etc. – and we’ll securely shred them on-site.
We are also accepting removed hard drives and e-waste at this event which will be shredded securely off-site. Click here for a list of accepted items.
Join members of Information Security in the south parking lot of the Press building (1427 East 60th St.) on April 18th from 11 a.m. – 2 p.m.
Enjoy a free taco dinner and giveaways when you stop by!
Information Security Training
Read our FAQ for more information about Core Information Security Awareness training.
How can we help you?
- Report a possible phishing attempt
- I need to complete Security Awareness Training
- I need to reset or recertify my CNetID or password.
- I want to know how to use two-factor authentication.
- I need an SSL, code signing, or some other kind of security certificate.
- Report a possible compromise or other security incident
- I have a question about security for my application or have my application reviewed.
- My account was locked for spamming or due to some other security issue.
- I need access to phone records, emails, or other data for an investigation or personnel matter.
- I’m traveling and received an email asking that I contact the security team.
- My computer or phone was blocked from the network due to a virus detection.
- I want to send the security team a report about a security vulnerability or some other issue I discovered.
- A website I tried to visit is blocked and erroneously listed as suspicious. What do I do?
IT Policies
Refer to the University’s official IT policies regarding data security and use of copyrighted material.
Training and User Guides
Complete security training and get user guides for helpful security tips and advice.
Phishing Alerts
Listed below are the latest phishing scams that have been acted upon by Information Security. Think you’ve received a phishing email? Don’t click it, report it.
Email Scam (Feb 14, 2023): Invoice from PayPal
Date: February 14, 2023 From: service@paypal.com The attackers have been currently seen using the Paypal Invoice option to scam users via TOAD (Telephone Oriented Attack Delivery) method. The URL upon clicking directs the user to the legitimate Paypal site that states...
Email Scam (Jan 7, 2023): Document shared with you: “NEWRESOURCE”
Sent: Sat Jan 07 22:38:00 UTC 2023 Subject: Document shared with you: "NEWRESOURCE"
Email Scam (Jan 7, 2023): ADMINISTRATIVE ASSISTANT REMOTE JOB
Date: Sat Jan 07 18:43:11 UTC 2023 Subject: ADMINISTRATIVE ASSISTANT REMOTE JOB
Security News
Check here for the latest security alerts that may affect you.
5 Ways to Outsmart a Social Engineer
“Social engineering” is a newer term for an age-old pursuit: tricking people. Whether you use the modern-day terminology or opt for longer-standing classifications (like conning, hustling, and swindling), the result is the same. Scammers aren’t afraid to tell lies—...
Ransomware Attacks
Ransomware attacks are one of the most serious cybersecurity threats we face at the University of Chicago. Ransomware is a type of malicious software that steals user data, disables the user system, and then demands payment from the victim in order to reenable system...
3 Steps to Fight Phishing
Chances are good that at some point you’ve received a suspicious email urging you to click on a link or open an attachment. This email was most likely an example of the cybercrime known as phishing. Phishing is when cybercriminals send malicious emails designed to...
3 Tips to Managing Passwords and PINs to Avoid Account Compromise
We have so much to remember every day. Add to that the dozens (or more) passwords and PINs we must remember in order to log in to work and personal accounts, and it’s easy to feel overwhelmed. And when we’re overwhelmed, it’s easy...
3 Facts About the Internet of Things (IoT) and Guide to Best Practices
It’s likely you own one or more items that are part of the Internet of Things (IoT). This collective term is used to describe a growing number of consumer, medical, and business items that are used to sense, control, and communicate data and activities. The IoT has...
3 Wi-Fi Habits to Adopt Today
Studies have shown that most mobile device users — even those who are security-savvy — tend to throw caution to the wind when it comes to connecting to open-access, public Wi-Fi networks. Public networks are displayed in the list of Wi-Fi networks without a lock icon....
Beware Coronavirus (COVID-19) Cyber Scams
We would like to warn everyone to remain vigilant for scams related to coronavirus 2019 (COVID-19). Cyber criminals may send phishing emails with malicious attachments or links to fraudulent websites to trick victims into revealing sensitive information or donating to...
Urgent? Are you available? Assistance needed immediately.
Have you received an email with this as a subject? Seemingly from your manager or department chair. Information Security wants to make you aware of an active, persistent scam that is targeting the University as well as many other institutions. These types of email...
Add a University Account Recovery Email and Phone Number
If you’re unable to log in with your CNetID and password to access University services, you can call IT Services for support during business hours. But what happens if you get locked out late at night and can’t reach ITS? Fortunately, you can set up a University...
CRITICAL Security Advisory: Remote Desktop Services Remote Code Execution Vulnerability
In response to a new security vulnerability impacting users of Microsoft Windows, the University is taking actions to ensure that our campus network is protected. Starting Tuesday, May 21, the University will begin requiring all use of Remote Desktop (RDP) from...