Phishing
Some emails are treats. Others? Tricks. 🎃
Phishing scams are designed to look real by posing as a professor, a campus office, or someone you know. But one click can open the door to stolen passwords or compromised accounts.
Here’s what to watch for:
➡ Urgent language designed to pressure you (like “deactivation notices” or account-related warnings)
➡ “Too good to be true” offers — such as retired faculty giving away cars, musical instruments, or tools
➡ Links that don’t match the sender or seem out of place
➡ Messages asking for your NetID, password, or other sensitive info
⚠️ Remember: UMass Amherst IT will never ask for your password or personal information by email.
Password Management
A strong password is your first defense. And no — “UMass123!” doesn’t count. ❌
Weak or reused passwords are like leaving your front door open. A breach could give someone access to your email, your files, your bank account, or even university systems.
Here’s how to make your passwords work harder:
➡ Use different passwords for different accounts.
➡ Don’t share them — not even with friends or coworkers.
➡ Ditch the sticky notes (or the Notes app on your phone) and use a secure password manager instead.
➡ When in doubt, change it out (especially if something feels off).
➡ Add a recovery option: register your non-UMass email in SPIRE so you can reset your password even when the Service Desk is closed.
Shortcuts are tempting, but they’re also what attackers count on.
Two-Step Login
Strong passwords are essential, but they’re not invincible. That’s why UMass Amherst uses two-step login: an extra layer of security that helps keep your accounts (and your data) protected. ✅
You’ve probably used it many times before: log in, then confirm your identity with a code or notification on your phone. Quick, simple, and much harder for scammers to break into.
Helpful things to know:
➡ You can set up multiple authentication methods in case your phone isn’t handy.
➡ For international students, the Microsoft Authenticator app is your best bet abroad.
➡ If you’re using a personal device, select “Remember Me” to skip the extra step for 30 days.
➡ If you ever receive an Authenticator app alert, text, or phone call that you weren’t expecting, report it immediately to Information Security and note the date and time you received it.
Two-step login protects your account. But it also protects your grades, your financial aid info, and the people you collaborate with on campus.
- Learn more: Two-step Login Frequently Asked Questions
Job Scams
Scammers know what students are looking for — internships, side gigs, research positions. That’s why fake job offers have become a go-to phishing tactic on LinkedIn, job boards, email and other social platforms.
Some red flags to watch for:
🚩 The “job” finds you, not the other way around.
🚩 You’re asked to provide personal info (like your SSN or bank account) right away.
🚩 It sounds too good to be true — high pay, minimal work, vague responsibilities.
🚩 You’re asked to pay upfront for equipment, software, or onboarding.
If you’re ever unsure, stop and check. Ask a trusted advisor, or report it to the UMass IT security team. These scams can compromise your identity, your finances, and even university systems if you’re logged in when responding.
- The UMass Job Board has more good info about job scams.
Generative AI
Using ChatGPT, Copilot, or another AI tool to help with your work? You’re not alone. But keep in mind that not all data is excluded from model training. Some data may be used to train generative AI models (large language models, or LLMs), especially if you're using a free version.
UMass Amherst uses data categorization levels to help define what kind of information can be shared where:
1️⃣ Level 1 (Public) – OK to share
2️⃣ Level 2 (Internal) – Keep it inside UMass systems
3️⃣ Level 3+ (Sensitive or Confidential) – Handle with care
Here’s the bottom line:
Don’t put student records, research data, grades, financial info, or anything else non-public into a free AI tool.
If you’re using AI for work or academic projects, use the UMass GenAI Platform or Microsoft Copilot (with your NetID) — both are approved for internal and sensitive data.
- Want to know what’s safe to use where? We’ve got a short guide.