IT implementing new password reset process 

A lock icon, and security code show on the change password page

Trying to stay a step ahead of ever-evolving cybersecurity threats is a daily task, with bad actors enabling various strategies to gain access to private information.  

Everyone has experienced phishing emails when these outsiders pretend to be someone else and try to lure us to share passwords. But a new trend is seeing these malicious people impersonating employees to try to reset the employee’s passwords.  

The following is what you need to know about these new cybersecurity threats, how to recognize them and what to do to reset the password in case the user forgot it or got locked out. 

What are impersonation attacks 

Impersonation attacks occur when a malicious actor poses as a legitimate employee to gain unauthorized access to sensitive systems or data such as usernames and passwords. These attacks can be highly sophisticated, involving detailed knowledge of the organization and its personnel. The primary goal is often to reset passwords, allowing the attacker to infiltrate systems, steal information or disrupt operations. 

How the attacks happen 

  • Social engineering: Attackers use information gathered from social media, company websites or other public sources to convincingly impersonate an employee.
  • Phishing emails: Fraudulent emails that appear to be from trusted sources deceive employees into divulging personal information or login credentials. 
  • Phone spoofing: Attackers may use technology to spoof phone numbers, making it seem as though a call is coming from within the organization. 

How to reset a password 

In the past, users may have called the IT Helpdesk to assist with resetting a password. But due to new cybersecurity threats of people calling and impersonating employees, a new, self-service password reset process is being implemented for safety. Now, go to myidentity.unmc.edu and then click “Forgot my Password” to reset it.

3 comments

  1. Corrigan McBride, MD says:

    It would be helpful if when creating a new password there was a popup to remind you how long it needed to be, if it needed capitalization, if it needed numbers or special characters.
    Instead I had to try 4 different things before I found one that met the minimum standards.

    1. Harold Schultz says:

      agree

    2. Shannon says:

      Agreed. It tells you that your new password does not meet the criteria, but it does not tell you what the criteria is.

Comments are closed.