Beginning Monday, November 24, 2025, Cornell will begin a pilot of enhanced anti-phishing protections that come with our investment in Microsoft A5 Defender. 

Why are we making this change and why now?

As you may be aware, hacktivists have been aggressively targeting higher education institutions, resulting in major breaches, with Princeton, Harvard, Columbia, and NYU as recent examples. In nearly all instances, the breach began with an unsophisticated phishing attack. 

Cornell has seen a surge of successful phishing attacks in recent months, prompting us to add this urgent change to other measures, such as removing unsafe Duo methods, enabling DMARC email security, and requiring Secure Connect.

What to expect

The change is expected to reduce the amount of phishing email received by Cornell accounts. For this pilot phase, only IT staff across the Ithaca-supported campuses will be affected by the change. 

The change for everyone at the Ithaca-supported campuses will take place prior to the winter break, following a review of the pilot and the impact.

 While a significant number of false positives is not anticipated, please periodically review your Outlook Junk folder to be sure. Limited early tests of the more aggressive anti-phishing policy with a limited group of users did not result in false positive issues.

Beware of fictitious helpdesk calls

As Cornell tightens the security of our systems, criminals may attempt to impersonate the IT Service Desk or other helpdesks by contacting you via phone or SMS text message and asking you to approve Duo prompts. Do not fall prey to this tactic. Instead, end the call and contact your department’s IT support staff or CIT’s IT Service Desk.

Questions or concerns

Please contact Pete Bosanko (pb10@cornell.edu) with questions and concerns.