What's new

Learn how to protect yourself from phishing attacks. Members of the university community can see examples of phishing messages currently in circulation; please log on with your Cardinal Credentials when prompted.

  • Use a Strong Password

    Your Cardinal Credentials password is the first line of defense in protecting you and your University data from intruders.

    Select a Strong Password

    • Make your password at least eight characters--longer is better (try 14 or more).
    • Consider using a passphrase that is long but you can easily remember. Mix in numbers, uppercase letters and punctuation characters.
    • Abbreviate words.

    Example: “When=76itco-HumanEvents” (don’t use this one).

    Use Completely Separate Passwords for Each Account

    Be sure to always use totally different passwords for each of your accounts!

    Too hard to remember?

    Install and use a password manager app such as 1Password or LastPass. Apple users can use the built-in Keychain app. Choose one that offers at least 256-bit AES encryption.

  • Use Multi-Factor Authentication

    Enable multi-factor authentication or MFA for Cardinal Mail and any personal account you have that supports it (e.g., your bank, Paypal, Amazon, Apple, Google, Microsoft).

    Use Google 2-Step Verification

    Google's 2-Step Verification helps protect you by making it harder for someone else to sign in to your Cardinal Mail account. With 2-Step Verification, you provide your password, and another piece of security info. Even if someone learns your password, they won’t be able to log on if they don't have access to your security info.

    Learn more about 2-Step Verification for Google. And turn it on.

    Use Duo Multi-Factor Authentication with University systems

    You will need to use multi-factor authentication with Duo to access certain University administrative applications.

  • Protect Your Computer

    Each computer that connects to any network should

    1. be configured to download and install operating system updates automatically,
    2. be running up-to-date antivirus software, and,
    3. if available in the operating system, have a software firewall enabled.

    Campus computers provisioned by Technology Services are configured this way by default.

    If you are a student who administers your own computer, make sure your computer is configured to do the same. Windows Defender Antivirus is built-in to Windows 10. Sophos Home is antivirus for Mac and PC that is free for personally-owned computers.

  • Protect Sensitive Data

    The safest place to work on University sensitive data is on your University-owned computer on campus. The safest way to work on administrative data is through the administrative system interface--do not download it into a file or another program.

    For employees working off campus, make sure your computer is protected as described above. Use VPN to connect to campus, and remotely connect to your campus computer to access administrative systems.

  • Read Email and Messages Safely

    Viruses and other malware are often delivered via email or messaging applications.

    Do not click on suspicious links or open unexpected file attachments that you may receive in messages.

    Hackers use Phishing to gain access to your personal and account information, by pretending to be someone you know and trust. Members of the university community can visit All about Phishing to learn more, and to see examples of recent phishing messages (please log on with your Cardinal Credentials when prompted).

  • Browse safely

    Visit only web sites of organizations and companies that you know and trust. Most spyware comes from visiting sites that contain malware.

    Consider installing an ad blocker add-in to your computer or mobile device web browser.

  • Install software safely

    Download and install software only from the device’s app store (e.g., Microsoft Store, Mac Store, iOS App Store, Google Play Store), or directly from the software manufacturer’s website. Do not obtain software from other locations.

    Be sure to heed any warning messages generated by your device at install time so that you do not allow the app to have elevated access to your device or to its services unintentionally.