Important Smishing Security Message
Feb 18, 2025
Our campus community is currently experiencing an increase in cyber threats, particularly with smishing – phishing scams conducted via text messages. Information Strategy and Services (ISS) reminds all university employees and students to remain vigilant and protect your personal and CU credentials.
Cybercriminals have become very sophisticated, often spoofing the identity of someone from within the university. Faculty and staff are frequently targeted with messages appearing to come from chancellors and other senior campus leadership. Recently, text messages impersonating campus executives were sent to employees’ personal cell phones. Read more about the incident and what to do if you receive a smishing text in the recent campuswide email.
Never share your username and/or passwords with anyone, whether via phone, email, text, or any other means. No one from the university, including ISS, will ever ask you for this information.
Do not respond. Attackers depend on your curiosity or anxiety over the situation, but you can refuse to engage. Even replying to a prompt like texting “STOP” to unsubscribe can be a trick to identify active phone numbers.
Be cautious with Duo Security requests. If a request doesn’t match the timing of your MFA request, do not approve it. It may be a multi-factor phishing attempt. ISS highly recommends installing MFA with Duo app on your mobile device, as the app provides additional information about the location of the login request, ensuring it is you authenticating. Do not use SMS text or phone MFA with Duo as this is more easily compromised and vulnerable to phishing.
Thank you for your ongoing efforts to identify and thwart potential cyberattacks. We all share the responsibility to be alert, knowledgeable and mindful to protect our campus and colleagues.
