phishing alert – nov. 2023

Categories: News, Phishing

Beware of a recent phishing campaign

A few faculty and staff have fallen prey to a phishing scheme that involves Duo passcodes and direct deposit. Employees clicked on a link that brought them to a page that looked like the University’s single sign-on page and were asked to enter their username, password, and Duo passcode. When entered, the attackers grabbed the information and changed the employee direct deposit information.

By adhering to these best practices, these situations can be avoided:

  • Don’t click on links from unknown senders
  • Always hover over the url before clicking and verify the URL is legitimate
  • When using Duo, OneIT recommends using the mobile app for approval not getting and entering passcodes
  • Never share a Duo passcode
  • If you suspect you clicked on a bad link, immediately change your NinerNET password and notify the OneIT Service Desk, 7-5500.

identifying phishing attempts

Learn more tips on how to identify phishing. Please see the below two examples of recent phishing attempts:

1. The following fake login page is from a phish received on September 14 that posed as a salary increase letter. It came in the PDF format where a user had to enter in a password to click on a link which then brought them to the following Google form page.

Screenshot taken of phishing attempt example 1

2. In another example a payroll message was sent with a link that takes the user to a login page. This is a more sophisticated attack since it duplicated UNC Charlotte’s branding (The url in the address bar is not a charlotte or uncc site). Once submitted the form then takes the user to a page requesting a Duo passcode after entering their credentials. As a reminder you should always check the url and never share a duo passcode. View more details here (only available to the UNC Charlotte Community).

How Do I Report Phishing or SPAM?

If you receive an email claiming to be from a UNC Charlotte employee and the sender’s email address does not end with or, Do Not Respond, report it as phishing and delete it. You can report these to or If you have any questions, please contact the OneIT Service Desk at 704-687-5500.