As promised, the third part in this phishing tip series is about what you can do to outsmart the bad actors who want to steal your information.
Phishing attacks don’t just target individuals; they target universities because one compromised account can expose research data, student records, or entire systems. Awareness is important, but action is what keeps you and your institution safe:
- Pause before you click – If an email or text sounds urgent — “your account will be locked” or “respond immediately” — take a moment. Attackers use urgency to bypass your judgment.
- Verify through official channels – If someone claiming to be IT, a dean, or a vendor emails you with a request, don’t respond to the message directly. Contact them using a known university directory or campus website.
- Inspect links before opening – Hover over links to see where they actually lead. Look for odd spellings, extra characters, or domains that don’t end in your institution’s official .edu address.
- Turn on Multi-Factor Authentication (MFA) – We use DUO here on campus, but if you have the opportunity to have MFA on personal accounts, specifically sensitive accounts like banking, use it. Even if your password is stolen, MFA can block unauthorized access.
Staying alert and taking a few extra seconds to verify can stop a phishing attempt before it becomes a campus-wide problem.