A recent cybersecurity attack attempted to bypass multi-factor authentication for users who use a phone call to receive a verification code. During this recent attack, malicious actors triggered multiple phone calls to users who then pressed #. This action allowed the actor to complete the sign-in process.

To prevent this in the future, IT Services would like users to keep the following tips in mind:

• Use a unique password for your UARK account. Never reuse the same password for multiple services.
• If you received an unsolicited multi-factor verification via phone call, text or push notification, alert the IT Help Desk at help.uark.edu or by calling 479-575-HELP.
• If you use phone calls for your multi-factor authentication and receive an unprompted verification call, press '0' and '#' to report it as fraud to IT Security.

October is Cybersecurity Awareness month. U of A faculty, staff, and students are often the target of attempts to gain login credentials or personal information through phishing scams that may claim to be coming from IT Services or a U of A department. Sometimes the email or phone call says that you must provide your user information to keep your account active or that you must act immediately to log into your account. These are fraudulent attempts and should not be replied to or acted upon.

Cybersecurity is an important initiative for the university, and each member of our campus community is an important link in the security chain. IT Services is committed to providing the resources to make our security chain as strong as possible. 

Protect yourself from phishing scams with these tips:

• Use the Report phishing button in Outlook to report phishing or scam emails to IT Services.
• Never share your passwords with anyone and use a unique password for each service to ensure if one service is compromised, it is isolated.
• Reputable institutions such as the U of A, your bank, FedEx, or the IRS will never ask for your password by email, phone, text message, or in person.
• Financial or medical institutions may communicate with you via secure messaging. You may receive an email from a financial or medical institution informing you of this message, but it will never ask for your personal information or password.
• Do not click on any embedded buttons in a phishing email, especially those that say "unsubscribe" or "remove me from this mailing list." These links often install malware on your system.
• Call the individual or office that purportedly sent the email to confirm that it is a real request.