Cybercriminals double down on remote workers

Criminals have crafted a new way to steal your personal information. The short of it is, phishers are now making phone calls and creating custom sites to steal your VPN credentials.

Here’s how it works: An attacker, pretending to be with OneIT, would call an employee—particularly during onboarding—to troubleshoot their VPN access. The criminal would then attempt to secure the employee’s login information or direct them to a site to input their credentials. Often, the URL for the type of phishing site described uses an organization’s name, and the site may include working links to internal resources to help victims believe the request is real.

Here’s what you can do: Always beware of phone calls asking for personal information, and if you’re unsure, you can hang up and call the IT Service Desk directly at 7-7550. In addition, students, faculty, and staff should be up-to-date with their Data Security Awareness training. Visit onlinelearning.uncc.edu, sign in with your NinerNET credentials, and search for “Data Security.”