To help protect university accounts from rising cyber threats, the University of Iowa is retiring text (SMS) and phone call options for two-step logins for all users by Oct. 1. These methods are less secure than using the Duo Mobile app.  If you haven't already, learn how you can switch to the Duo Mobile app and make your account more secure.

Email phishing scams remain an effective tactic for cybercriminals looking to steal passwords and other sensitive info. Universities are among the most tempting targets for scammers.

The university’s security systems catch many phishing messages before they reach your inbox, but a few creep through. The most sophisticated phishing emails look like legitimate messages from services you use or people you know.

Phishing red flags

Phishing messages used to look sloppy, riddled with spelling errors and other telltale signs. Today’s phishing attacks can be much more polished. They might copy the design of real messages or point you to websites that look authentic.

Even when an email looks and sounds real, the content, especially the action it encourages you to take, can signal a scam. Look out for:

• Requests to provide log-in credentials or reset your password: Never provide your login name or password—legitimate organizations will not request this or other sensitive info. Ignore password-change requests you didn’t initiate.
• Suspicious email addresses: Check to make sure email addresses match the name of the sender on the email. Check for subtle misspellings or a domain that seems unfamiliar or doesn't match the purported sender’s organization. (The domain is the information that follows the @ sign in an email address, like uiowa.edu.)
• Urgent language: Don’t fall for messages that demand you take immediate action to protect your account. Beware of fake “invoices” that claim you’ll be charged for a service you didn’t purchase—these are almost always phishing messages.
• Links or attachments you didn’t expect: When an email asks you to visit a site or service, navigate there directly in your web browser rather than clicking a link. You can hover your cursor over a link to reveal their actual destinations. Also, don’t open attachments you aren’t expecting.

Dealing with suspicious emails

Trust your instincts. If an email seems suspicious, it’s probably a phishing attack. Follow these steps to protect yourself and your account:

1. Report the email: Forward suspicious messages to your local IT support, help desk, or security team. See more information about reporting phishing.
2. Delete the email: Once reported, delete the message and empty your trash folder to avoid accidental clicks later.

Staying vigilant and dealing with suspicious messages properly can protect you from phishing scams and safeguard personal and university information. 

Upcoming changes to Duo two-step logins

To protect university accounts from rising cyber threats, the University of Iowa is retiring text (SMS) and phone call options for two-step logins by Oct. 1. You may have already received a message about the Duo Mobile app.

Please ensure that you’ve installed the Duo Mobile app on your mobile device and can use it to authenticate your account when logging in. This will allow you continued access to Office 365, Employee Self-Service, and other systems without interruption.

If you need to configure a new device for the Duo Mobile app, you may be required to have a face and ID verification through Zoom or Teams with the ITS Help Desk.