When you log in to ConnectCarolina, UNC email, or Campus VPN, you have to verify that “you’re you” with your mobile device or landline phone. Have you wondered if 2-Step Verification really keeps you safer? We’re here to tell you it does.
From January through August of 2018 (before 2-Step), 363 accounts were compromised by phishing attacks. The same period of this year (after 2-Step), only three accounts were compromised. (Source: ITS Metrics Dashboard) According to Dennis Schmidt, Chief Information Security Officer, those three successful phishing attacks were “pretty sophisticated attacks. The phisher was waiting live and generated a push. The victim thought they’d logged in to a legitimate site.”
Make no mistake, only three successful attacks this calendar year doesn’t mean the number of attempts has gone down. Schmidt recommends that “even with 2-Step, we shouldn’t be letting our guards down. If you think an email looks slightly suspicious, you should check it closer.”
What should you look for in an email? The “from” line is the most important line. When you get an email that looks weird, take a closer look. Make sure that the email address of the sender is the person’s actual email address, not just their name on the line.
Phishing is still a very real problem. While 2-Step Verification is making a visible difference in keeping our UNC accounts safe, we all need to remain vigilant about emails that look a little “off.” That way, we can watch this graph bottom out at zero and stay there.