Phishing scams are a daily threat experienced at UConn. If you receive an email that appears to be out of the ordinary, do not click on links, open attachments, or respond to the sender.

How to report

Please report suspicious emails by clicking Outlook’s “Report” button in the upper right-hand corner of the email. Your reporting efforts play a crucial role in UConn’s ability to detect and respond to threats.

How to build vigilance within our community

Please talk about phishing with others! Take a minute to discuss phishing with a coworker or student. A simple conversation can go a long way to encourage a fellow husky to use their critical thinking skills the next time an email doesn’t sit quite right. Your efforts may not only prevent a successful attack on UConn information and systems, but can also prevent a member of the UConn community from personally becoming a victim of phishing.

Here are a few ideas to start the conversation:

1. What is the most bizarre (or most convincing!) phishing email you recall receiving?
2. What are some of the foreseeable consequences of a successful phishing attack?
3. What are some feelings a person may have experienced if they were a victim of a scam?
4. What are ways we can better detect attempts at deception?
5. Have you ever brought up the dangers of phishing at the dinner table? Why or why not?

What to do if…

If you acted upon instructions from a phishing email that results in you entering your NetID credentials into an illegitimate website, please update your password at netid.uconn.edu. 

If you believe you were financially defrauded by the phishing actors or were asked to carry out financial transactions on their behalf, you are encouraged to make a report of the activity to the UConn Police or your local police department.

Revised Policies

Acceptable Use: Faculty, staff, and students should only use university IT equipment, systems, and services for university-related work and not for commercial or illegal activities. Individuals have a responsibility to protect their identity, data, and IT resources.

The sharing of accounts and/or passwords is disallowed. Systems should be properly maintained and patched to ensure security.

Data Classification Policy: Know the classification and requirements for handling various data types. Where appropriate, store your data on university managed databases and file storage systems. Protected and confidential data require additional levels of protection.

Data Roles and Responsibilities Policy: The roles and responsibilities of data stewards, data administrators, and data users are defined to ensure data is properly protected, used, and managed throughout its lifecycle.

Risk Management: Department and system owners are responsible for conducting a regular and ongoing risk assessment of the technology platforms they oversee.

Security Awareness Training Policy: Security awareness training is available to the UConn community, and the Information Security Office may mandate training for those who have access to confidential or protected information.

Use of Social Security Numbers: As systems are updated and replaced, Social Security Numbers should be used only as required.

New Policies

System and Application Security: Individuals responsible for operating or overseeing any University system or application are responsible for proper maintenance and oversight of systems and applications used by university constituents.

Mobile and Remote Device Security: Mobile or remote devices used to access any non-public IT resources owned or managed by the University must meet security requirements designed to reduce risk to University data and information systems.

Firewall Policy: Firewalls must be configured to maximize their protection and detection capabilities.

http://security.uconn.edu/wp-content/uploads/sites/1965/2021/05/ISO-Recommended-Training.docx

http://security.uconn.edu/wp-content/uploads/sites/1965/2021/05/ISO-Recommended-Training.docx