Information Security
Beware of Phishing Attempts! Global Computer Incident
We are writing to inform you of an important matter concerning a global computer incident that is occurring today. The incident has affected millions of Windows computers worldwide. Cyberattackers are taking advantage of this situation by posing as Service Desk staff, Microsoft, or CrowdStrike employees and contacting members of the University community. Their goals appear to be to gather University computer credentials or deploy ransomware on devices. In light of this, we are asking members of the University community to take precautions:
1. Do not share passwords: IT will never ask for your passwords or Multi-Factor Authentication (MFA) credentials. If you receive any communication requesting this information, do not respond or provide any details.
2. Be vigilant: If you receive suspicious emails, calls, or messages claiming to be from IT Services, Microsoft, or CrowdStrike, do not engage or respond.
3. Report issues promptly: If you are experiencing problems related to today’s incident or suspect any fraudulent activity, please contact your local desktop support staff, visit the TechBar (Regenstein Library), or for an online support response, please submit a request to the IT Services Self Service Portal.
How can we help you?
- Report a possible phishing attempt
- I need to reset or recertify my CNetID or password.
- I want to know how to use two-factor authentication.
- I need an SSL, code signing, or some other kind of security certificate.
- Report a possible compromise or other security incident
- I have a question about security for my application or have my application reviewed.
- My account was locked for spamming or due to some other security issue.
- I need access to phone records, emails, or other data for an investigation or personnel matter.
- I’m traveling and received an email asking that I contact the security team.
- My computer or phone was blocked from the network due to a virus detection.
- I want to send the security team a report about a security vulnerability or some other issue I discovered.
- A website I tried to visit is blocked and erroneously listed as suspicious. What do I do?
IT Policies
Refer to the University’s official IT policies regarding data security and use of copyrighted material.
Training and User Guides
Complete security training and get user guides for helpful security tips and advice.
Phishing Alerts
Listed below are the latest phishing scams that have been acted upon by Information Security. Think you’ve received a phishing email? Don’t click it, report it.
Email Scam (June 24, 2024): $18,750.00 APPROVED.
From: Latoya Miller <latoya.miller@calhoun.edu> Date: Saturday, June 22, 2024 at 8:41 PM Subject: $18,750.00 APPROVED. You have been selected to receive a total sum of $18,750.00 allocated for 2024 CARES ACT. Allocated funding to assist relieving students and...
Email Scam (June 7, 2024): UCHICAGO DUO ALERT: All Students Should Verify Immediately
Your uchicago account has been filed under the list of accounts set for deactivation due to retirement/graduation/freshers/full-time/part-time or transfer of the concerned account holder. But the record shows you are still active in service and so advised to verify...
Email Scam (June 7, 2024): UCHICAGO IMPORTANT REMINDERS: Last day to ADD student application
Online personal assistant needed for a remote and flexible job, pay is $1200 bi-weekly with employment letter. To apply for this position, kindly send the requested information below via SMS ONLY to this phone number +1 (323) 640 XXXX * Full Name: * Full Address: *...
Security News
Check here for the latest security alerts that may affect you.
5 Ways to Outsmart a Social Engineer
“Social engineering” is a newer term for an age-old pursuit: tricking people. Whether you use the modern-day terminology or opt for longer-standing classifications (like conning, hustling, and swindling), the result is the same. Scammers aren’t afraid to tell lies—...
Ransomware Attacks
Ransomware attacks are one of the most serious cybersecurity threats we face at the University of Chicago. Ransomware is a type of malicious software that steals user data, disables the user system, and then demands payment from the victim in order to re-enable system...
3 Facts About the Internet of Things (IoT) and Guide to Best Practices
It’s likely you own one or more items that are part of the Internet of Things (IoT). This collective term is used to describe a growing number of consumer, medical, and business items that are used to sense, control, and communicate data and activities. The IoT has...
3 Wi-Fi Habits to Adopt Today
Studies have shown that most mobile device users — even those who are security-savvy — tend to throw caution to the wind when it comes to connecting to open-access, public Wi-Fi networks. Public networks are displayed in the list of Wi-Fi networks without a lock icon....