Since October, criminals have deluged Cornell with more than 300,000 phishing email attempts.
 
That’s more than 6,000 emails per day trying to steal your password.

You didn’t see most of them thanks to measures that the IT Security Office put in place, like DMARC security, stronger Duo requirements, and more. Add to this your vigilance and that of other Cornell community members, and the result is that Cornell has not yet fallen prey to attacks like ones seen at our Ivy League and higher-ed peers.

Gifting Ship-Shape Security

Unfortunately, we can’t afford to lower our guard even for a moment. It only takes one lapse on our part to make those failed 300,000 phishing attempts pay off for the criminals. One success for them could expose contact information for entire populations. One success for them could tarnish Cornell’s reputation. 

As always, it all comes down to each of us. Here are five easy things you can do for yourself and Cornell this December:

1. The time to use a passkey is now. 
   
The Secure Connect passkey is a fortress against attacks. Enroll and use a Secure Connect passkey, the only security that can’t be phished.
2. Delete old data.  
   Check Box, OneDrive, Google Drive, file systems, and other locations for spreadsheets, files, or data that you no longer need, then delete. If you no longer have it, it can’t be stolen!
3. Keep Cornell data on Cornell devices.  
   Don’t use non-Cornell devices or cloud services to store, handle, or even touch university data. Only use a Certified Desktop computer--it includes verifiable protections necessary to keep data safe for the entire duration you’re accessing it.
4. Set a password recovery email address with two-factor authentication.  
   This non-Cornell email address will be used to communicate with you if there’s ever a situation where the university mail system is not trusted because of hacker activity.
5. Stay scam-smart.
   
With the rise of AI, hackers can flood universities with messages that look real. They can also use AI to masquerade as helpdesk staff. Scams come via email, phone, and SMS text. When in doubt, contact your department’s IT support staff or the IT Service Desk to verify.

You can prevent your account from becoming a scammer's success story this holiday season! Get started with Secure Connect, stay smart, and maintain your vigilance, and peace of mind will be the gift you’ve given yourself.