Email account owners are constantly under attack by a barrage of attempts to steal personal information, often referred to as phishing. These attacks often come during holidays when campus IT support is unavailable. See when OIT support will be available over the winter break. Even when you can’t contact the IT Service Center there are still clues and resources to help you figure out if an email is legitimate or a phishing attempt.
Although the university will periodically require you to update your IdentiKey password, you should always be suspicious of messages that ask for your private data (e.g., passwords, SSNs, credit card numbers, etc.). The university uses technology to block malicious emails and phishing websites, but this technology is no substitute for being a conscientious internet user. You should be suspicious of messages that direct you to click on a link or provide private data. In fact, a good rule of thumb is if you think it might be a phishing attempt, it probably is.
Many phishing attempts try to lure you in by saying you must respond to keep your email account active due to some event such as reaching your quota limit or a database upgrade. If your account resides on the campus Microsoft Exchange service (this applies to most faculty and staff), you can check your quota by following these steps.
The Office of Information Security provides more phishing tips and strategies for protecting your data. Also, be on the lookout for information in 2023 about the new Computer and Server Standards, including tools and processes to help keep university computers and data secure. You can learn more on the Secure Computing Project page.