Enhance account security to prevent automated phishing and social engineering

As artificial intelligence and automation technologies continue to develop rapidly, cyberattack techniques are becoming increasingly sophisticated. Incidents involving automated phishing emails, brute-force attacks, and targeted social engineering aimed at user accounts are also on the rise, posing tangible risks to campus information security and personal data protection. To reduce the likelihood of account compromise and personal data leakage, please complete the following three basic protective measures to mitigate these risks.

Common Attack Techniques

• Brute-force / credential stuffing

  Attempt logins using common or leaked passwords.

• Mass phishing emails

  Look like official notices and lure users to log in or download via attachments/links.

• Targeted social engineering

  Imitates supervisor requests and real work scenarios to lower vigilance.

Three Immediate Actions

1. Enable multi-factor authentication (MFA)

   Add push alerts, one-time codes, or a hardware key in addition to your password.

2. Strengthen password management

   Use a password manager to create strong passwords and avoid reuse or sharing.

3. Patching

   Prioritize fixing known exploited vulnerabilities (e.g., KEV) based on security advisories.