CCIT News and Notices

CCIT This Week: Tech checklist for graduating seniors; learn how to reactivate Duo on a new mobile device

Posted on by Tara Stone

Week of December 15, 2025

Welcome to CCIT This Week, where we give you a rundown of news, events, tips and more. Follow us on social media for information and timely updates.

CCIT This Week will return in January 2026. We hope you have a restful Winter Break, Tigers!

News

Graduating seniors, don’t lose your stuff! Graduation is an exciting time for every Tiger, but it unfortunately does mean a change to some of the software and services you’ve grown accustomed to during your time at Clemson. Learn how to prepare your technology and data before graduation.

View the graduation tech checklist >>


Clemson’s CheckIT technology governance process has new updates to streamline approvals. Submit requests before making any purchase to avoid delays, and have the actual user submit rather than a proxy for faster processing. Recent updates include an expanded exceptions list, particularly for faculty using free research applications on the Palmetto Cluster.

Learn more about updates to the CheckIT process >>


Beware of SEO poisoning, where cybercriminals manipulate search results to push fake websites to the top. These malicious sites can steal your credentials or install malware. Protect yourself by carefully checking URLs for misspellings, being cautious of sponsored results, and typing trusted website addresses directly into your browser instead of searching for them.

Learn more about SEO poisoning >>

December Tech Tip

Getting a new device over the holidays? Learn how to reactivate Duo Mobile on your new phone or tablet to continue accessing Clemson systems. Of course, CCIT is here to help if you have questions!

Learn how to reactivate Duo Mobile >>
Posted in News

“Do I Keep My Email?” And Other Tech Questions From Graduating Tigers

Posted on by ccitnews

Graduation is an exciting time for every Tiger, but it unfortunately does mean a change to some of the software and services you’ve grown accustomed to during your time at Clemson. Luckily, with a few minutes of review, you can prepare your technology and data for graduation.

Frequently Asked Questions

Do I keep my Clemson Google account?

Graduates will have access to their Clemson Google account for one year following graduation. Please note that forwarding of your @clemson.edu email address will cease soon after your username is deactivated. We suggest updating your contacts or accounts to use a different email address so you don’t lose anything when your account is closed.

We recommend you move your Google Drive files to another cloud storage service or personal Google Drive account in preparation for the closure of your Clemson Google account after one year. You can use Google Takeout (takeout.google.com) to export your Google account data if you wish to store it elsewhere, or you can use the transfer service (takeout.google.com/transfer) if you plan to move it to another Google account.

What about the files in my other cloud storage accounts?

  • Your access to Box and OneDrive will end one year after graduation. We recommend that you download your files from those accounts as soon as possible, so you don’t forget about them. 
  • Any files you create and manage in CUapps (Citrix) are stored on your U: drive (also called Home Directory). You will have access to your U: drive for one year after graduation, so be sure to download those files before you lose them. The CCIT Knowledge Base contains instructions to access your U: drive for macOS and Windows.
  • If you use the Palmetto Cluster or any of Clemson’s research computing storage, we recommend you download your data from there as well. For research computing assistance, contact Research Computing and Data.

What software do I keep?

Once you graduate, you will no longer qualify to reinstall Clemson’s site-licensed software.  Access to the Adobe Creative Cloud will be disabled upon graduation as well. Make sure to save copies of your Adobe files, projects and assets, or use these instructions from Adobe on how to transfer your assets to a new Adobe profile. 

Can I download my submitted Canvas assignments?

Yes. Visit our CCIT Knowledge Base for step-by-step instructions.

Is there anything else I should do?

  • Save a copy of your unofficial transcript after final grades are submitted. After your Username is deactivated, you will no longer be able to access your unofficial transcript—we suggest you save a copy sooner rather than later. After your Username is deactivated, you will have to request an official copy for a fee, as directed by the Registrar’s transcripts page.
  • Save a copy of your tax records. After your Username is deactivated, you will no longer be able to access iRoar for your billing information. If your account is deactivated and you need to get these records, contact CCIT at (864) 656-3494.

If you have any questions or need assistance, please contact CCIT Support by calling/texting (864) 656-3494, emailing ITHELP@clemson.edu or starting a chat by clicking the orange chat box on this page.

Posted in News

SEO Poisoning

Posted on by Patrick McGee

Have you ever searched for something on the internet using your favorite browser search engine and gotten results that are completely wrong? For example, you search for your specific car insurance company’s official website. However, the top results you see may list the name of your car company, but the website URL is not your company’s official website.

These types of results can be caused by Search Engine Optimization (SEO) Poisoning. In this type of attack, cybercriminals employ various methods to manipulate search engine results, attempting to redirect traffic to their malicious websites. On these fake websites, users may be prompted to enter their personal account credentials, which the attackers will steal, or the fake sites may include malware that is unknowingly downloaded to the user’s computer.

To avoid SEO Poisoning:

  • Always visually verify links before clicking. Examine the URL carefully. Look for name misspellings or letter substitutions in the domain name. Double-check that the domain extension (.com, .edu, .gov, etc.) is correct.

  • Be skeptical of the top results. Many of the first results are often “sponsored” results, meaning that they are paid to be listed first, regardless of your actual search results.

  • Go directly to official websites. If you know the URL of the actual website you want, such as Amazon, then type “amazon.com” directly into the browser address bar, rather than searching for “Amazon”.
Woman holding phone with text displayed over image saying "Search Engine Poisoning" and a poison symbol.

Posted in Cybersecurity Alerts

Online Holiday Shopping Tips from CCIT

Posted on by ccitnews

An older woman shops on a laptop while holding her phone, with holiday decorations in the background.To help promote awareness during the holiday shopping season, the CCIT Office of Information Security would like to share some safe online shopping tips.  Best wishes to all during the upcoming holidays!

For more tips about staying safe online (and beyond), visit the CCIT Cybersecurity page.

Shop at secure websites that you trust

Play it safe by doing online business with trusted retailers you have shopped with before.  If you are tempted to buy from a new website, research the company name before providing your payment information.  When making credit/debit card payments look for website addresses that start with HTTPS and have a lock icon, which indicate a secure website.

Avoid public Wi-Fi

You might be tempted to shop online at a coffee shop or other location with free Wi-Fi.  Browsing the websites may be acceptable, but do not make credit/debit card payments from a public Wi-Fi unless you have started a VPN (Virtual Private Network) session from your device.  VPN creates a secure tunnel, making your data safer from interception by nearby hackers. Clemson has a free VPN you can use with your Clemson username, password and Duo authentication. You can find more information in our Services section, and if you’re using a computer, you can find step-by-step instructions in our Knowledge Base.

Create strong, unique passwords

Use a unique pass phrase for each website, and keep it private.  Do not use your University password when creating accounts with online merchants.

Beware of fake delivery notifications

With packages often delayed, be wary of fake shipping alerts. Don’t click on links from delivery notification emails or texts you aren’t expecting, especially if they require “verification” from you. Visit the delivery company or vendor’s website to track your package safely.

Watch out for email scams

Holiday deals presented via email are tempting, but if the advertisement seems too good to be true, it probably is. Instead of clicking on an email link, view information directly from the merchant’s website. And don’t forget, if you get something that looks like an email scam in your Microsoft Outlook, report it to CCIT with our button.

Don’t give out too much information

Merchant websites should never prompt for your social security number.  Other than your shipping address and phone number, be very wary when asked for personal information.  Call the customer service line when in doubt.

Check your statements and take action immediately

Regularly check your bank and credit card statements for unauthorized transactions, and set up account activity alerts wherever possible.  If you suspect a fraudulent transaction has occurred, immediately contact your bank or credit card company to report the unauthorized activity.

Know how to spot a package delivery scam

Scammers are sending fake delivery notifications claiming a package can’t be delivered, then directing victims to click a link or submit personal or payment information. These messages often look legitimate but are designed to steal credentials or financial data. Learn how to recognize these scams and always verify delivery claims through official carrier websites.

Posted in News

CheckIT updates to further streamline the technology governance process

Posted on by ccitnews

Clemson University’s technology governance process, CheckIT, continues to evolve to better serve faculty, staff and researchers as they evaluate, purchase or renew technology solutions.

University employees are reminded to complete the CheckIT process before making any purchase or contract commitment. Submitting a request after a purchase has already been made can lead to delays, unplanned costs or—in some cases—inability to approve use of the product.

To help ensure timely approvals, CCIT also encourages the actual user or project owner, rather than an administrative assistant or proxy, to submit CheckIT requests. The person who will be using the software or service is often best equipped to answer the technical and usage questions that determine risk and compliance. Requests submitted by individuals without the necessary details slow down the process for everyone.

Recent updates include an expanded exceptions list, particularly benefiting faculty using free research applications on the Palmetto Cluster. If you are in doubt about whether to submit a solution for review, please reach out to itgov@clemson.edu.

Finally, campus users should begin preparing for the end-of-year freeze period in mid-December through the first week of January. New requests during this time will not be processed until the new year.

For more information, including the updated exceptions list and submission guidance, visit clemson.edu/ccit/checkit.

Posted in News

Shred Your Documents At A Free Campus Event

Posted on by ccitnews

On Monday, November 17, 2025 the thirteenth annual Shred Bowl event returns to Clemson University’s campus. This document shred day is a free opportunity for Clemson staff, faculty, students and community members to bring their documents to be destroyed in a safe environment. Document shredding is another way to protect important personal information and is a strongly encouraged best practice. Please note that this event does not include official Clemson University records. Faculty and staff are encouraged to follow the guidelines from Records Management for guidance on any official University records.

This year’s event will occur in the Littlejohn parking lot between 10 a.m. and 2 pm. (219 Perimeter Rd, Clemson, SC 29634). Each vehicle is limited to three (3) boxes (copy paper box or smaller) or three (3) bags (kitchen trash bag or smaller). It is not necessary to remove binder clips, binders, paper clips, rubber bands, or staples. The image below shows where the shred truck will be located:

For more information about this year’s Shred Bowl with Shred 360 event, please visit this link.

Posted in News

AI Summarization Vulnerability

Posted on by Patrick McGee

Artificial Intelligence (AI) continues to grow in popularity as a tool that can help users do all sorts of things. Unfortunately, cybercriminals understand that and are also using AI for their scams.

One of the common ways that people use AI is to have it summarize content, such as an email, a large document or a spreadsheet. But cybercriminals are taking advantage of that AI usage by embedding hidden and malicious AI instructions in files that are unseen by the user.

For example, a user could receive a lengthy email, and they use AI to summarize the message. But embedded in the email could be a hidden, malicious AI prompt that could force your AI program to search for and read other sensitive emails and documents, which could then be sent to the attacker.

Even documents like an Excel spreadsheet that you ask AI to summarize could contain hidden white text on a white background across multiple sheets, which contain AI task modifications and commands that could hijack your AI’s processes and behavior.

To help avoid falling for this type of scam, users should not open files from people that they do not know, nor open a file that they are not expecting. Also, you should carefully consider what content you have AI summarize or process for you, as well as monitor any AI outputs very closely.

A hooded hacker, masked and cloaked in a dark background, holds artificial intelligence circuitry.
Posted in Cybersecurity Alerts

How to update your preferred first name in Microsoft 365 

Posted on by ccitnews

As Microsoft updates are applied, some Clemson University faculty and staff may notice changes to their names on the Microsoft 365 accounts or in Outlook. To modify or revert your first name back to a preferred first name, there are a few steps to follow:

  1. Go to: my.clemson.edu
  2. Click: the top-right profile icon and select “log in”
  3. Log in: using your Clemson credentials
  4. Click: on your profile picture in the upper right corner
  5. Select: “My Profile”
  6. Click: “Set a preferred name”
  7. Review: the information, select “I Agree,” enter your preferred name (32 characters or less, alpha characters, space, or hyphen only), and select “Save”

Please note that these changes may take a day to update across the systems. If you have any additional issues or questions, contact your area’s IT consultant or the CCIT Support Center.  

Posted in News

Accessing Kronos Beginning September 8, 2025 

Posted on by ccitnews

Following a recent update to Kronos, University users will now need to use a new link to log in. The new Kronos URL, effective September 8, 2025, is: https://kronos.app.clemson.edu/

If you currently have the old Kronos link saved in your bookmarks, please update it to the new URL.

For Kronos mobile app users:
If you use the Kronos mobile app (also known as UKG Workforce Central), follow the instructions below to update the server URL within the app settings to the new URL. Open the UKG Workforce Central settings, remove the old server URL and replace it with: https://kronos.app.clemson.edu/wfc

From an iPhone (pictured left):

  1. Open Settings
  2. Select Apps
  3. Select UKG Workforce Central
  4. Paste https://kronos.app.clemson.edu/wfc in the Server URL field.

From an Android phone (pictured right):

  1. Open the UKG Workforce Central app
  2. Tap on the three vertical dots on the bottom menu bar
  3. Select Settings
  4. Select Server Address
  5. Paste https://kronos.app.clemson.edu/wfc in the Server Address field
  6. Select ‘OK’
Kronos app settings for iPhone (left) and Android (right)

Please note that the app may take a few minutes to load after changing the Server URL. Follow these instructions if you need to set up the Kronos app on your device for the first time.

If you are still having issues accessing Kronos via web or mobile, contact the CCIT Support Center or your area’s IT consultant.

Posted in News

SharePoint File Share Fake

Posted on by Patrick McGee

Clemson University users are experiencing an increase in a SharePoint-related cyberattack, like the email pictured below. In this scheme, cybercriminals have likely already compromised a legitimate user and are using the account’s SharePoint site to send a document share email to other users. Sharing files through this method can sometimes circumvent security tools, which could possibly detect these malicious files.

The shared file could be a Word document, a PDF or a similar type of file. The file can contain malware that would infect your computer if you opened it, or it may ask you to log in with your Clemson credentials before you can see the file. This would allow them to steal your login and password information.

To avoid this scam, you should do the following:

  • Always use extra caution before opening any file sent to you, especially if you do not know the sender or if you are not expecting a file.

  • Avoid opening an email attachment file if you see the External Sender banner on any email. Those emails are coming from someone outside of Clemson.

  • Before logging in with your Clemson credentials, you should first verify that the URL has “clemson.edu” as the domain address.

  • If you do receive an email that you are unsure about, please use the Report Phishing button in Outlook, and the CCIT Security Team will be happy to investigate it for you to determine if it is legitimate and safe to open.

Screen shot of email from SharePoint asking to share a file with user. Email has the External Sender banner on it.

Posted in Cybersecurity Alerts1 Comment on SharePoint File Share Fake