Carnegie Mellon University
February 17, 2017

Confirming Legitimate Email: “Action Required: Launch of New Security Measure”​

Dear Members of the Carnegie Mellon Community,

Some of you have expressed concern about a suspicious link in a recent campus-wide email sent on 2/15/2017 with the subject “Action Required: Launch of New Security Measure.” We want to assure you that this email is legitimate. It is NOT a phishing email.

First, I want to recognize and applaud the individuals on campus who rightly paused when confronted with one of the possible markers for a phishing email. This email was sent utilizing an outside vendor that generated a third party link, which was safe, but as some of you noticed, not a part of

Senior leadership has asked our office to work with Computing Services and Marketing & Communications to evaluate and explore the use of such email links and platforms and report back. Rest assured, the security of our campus communications will be the highest priority. As a reminder, you may always contact Computing Services via  or 412-268-4357 (HELP) to verify the authenticity of an email that you receive from CMU leadership.

In the meantime, I want to use this opportunity to encourage you once again to adopt one of our most important security measures, Two-Factor Authentication. More than 2,000 members of our community have now signed up for 2fa, and if you have not yet done so, please take a few minutes to enroll via Computing Services’ website:

Thank you again for being active partners as we work towards the university’s information security goals.


Mary Ann Blair
Director of Information Security
Carnegie Mellon University