Here’s how it works: An attacker, pretending to be with OneIT, would call an employee—particularly during onboarding—to troubleshoot their VPN access. The criminal would then attempt to secure the employee’s login information or direct them to a site to input their credentials. Often, the URL for the type of phishing site described uses an organization’s name, and the site may include working links to internal resources to help victims believe the request is real.
Here’s what you can do: Always beware of phone calls asking for personal information, and if you’re unsure, you can hang up and call the IT Service Desk directly at 7-7550. In addition, students, faculty, and staff should be up-to-date with their Data Security Awareness training. Visit onlinelearning.uncc.edu, sign in with your NinerNET credentials, and search for "Data Security."