Good afternoon!

Today I want to let you know about another “job offer” scam. I also want to answer a user’s question about the Dark Web and data that may be found there. And, finally, I am going to give you some easy instructions for setting up MFA for your non-UT accounts and apps.

Current Threats

• Internships (phishing)
  • The sender varies but is using a gmail account.
  • The subject is INTERNSHIP STUDENT OFFER.
  • The content says, “ITS A  POSITION OF A REMOTE ASSISTANT / BOOK KEEPING / DATA ANALYST JOB.”
  • The message goes on to say that you will earn up to $520 weekly from the hob and that you only have to work 4-5 hours per week for this “campus remote part time job.”
  • The person you are to contact about the job is only shown in an email address in the dr.com domain, which is an immediate sign of this being a risky email.
  • Please note the incredibly error-laden email, which is also a sign of a scam email.
  • Please do NOT respond to the email.
  • If you get this email, please forward it and the Internet header using Reporting Phishing Attempts.
  • And PLEASE remind your students that this type of email is NOT legitimate, as the only way they may know this is by you sharing this information.

Ask Your CISO

• Why am I getting notices from different companies saying that my Social Security number had been found on the Dark Web and what should I do?
  • This is another great question and I want to start by explaining the Dark Web.
  • The Dark Web is a small part of the Internet that isn’t accessible by most users and is a hub for cybercriminals who commit illegal activities such as identity theft, credit card fraud, and malware distribution.
  • The Dark Web includes websites that cannot be indexed by search engines like Google and Bing.
  • The following are some examples of what can be found on the Dark Web.
    • Data that has been stolen during major data breaches can be found here, including SSNs.
    • Account details, including passwords, for hacked accounts, such as email, social media, etc., may be found here.
    • Financial data such as cloned credit cards, PIN numbers, online bank account logins, etc., may be found here.
    • And there are many illegal goods and services that can be found here.
  • Not only do some emails mention your SSN has been found, some may say that your password, credit card number, or other sensitive data has been found.
  • The first thing to do is to consider who the email is from.
  • If a credit card company or bank is supposedly contacting you, is this a company/bank you are using now or maybe even used in the past but closed your account?
  • If you are doing or have done business in the past with the company that claims to be notifying you, please contact that company via phone using the known phone number for the company any NOT a phone number in the email.
  • When you call, they can verify if the email was valid or not and they can give you the appropriate steps for whatever the situation may be.
  • You may need to close some accounts, but the appropriate companies will work with you.
  • If you were notified by a company you have not used in a long time, consider this…data is harvested on the Dark Web and sold possibly years after the data was originally stolen.
  • The first thing you should do after verifying you have received a legitimate email saying your data has been found on the Dark Web is to start changing your passwords for any and every account that you have, using unique passwords for each.
  • Next, start checking all your other accounts that you haven’t been notified about.
  • Check your credit reports…and keep a close eye on them for years to come.
  • For a stolen Social Security Number, file an FTC report on identity theft at https://identitytheft.gov/.
  • Visit https://login.gov to get access to participating government agencies, which will allow you to create an account that will streamline your processes and keeps you from having to remember multiple usernames and unique passwords.
  • And please don’t hesitate to contact me immediately if you get such an email, as I know it is hard to remember all the things to do, especially when you are in a bit of  shock.

Turning On Multifactor Authentication (MFA)

• MFA provides an extra layer of security when you log into your online accounts and apps.
• You are most familiar with Duo, which UT uses for most of its accounts and apps.
• But you can protect yourself and your non-UT accounts and apps by turning on MFA whenever it is offered.
• Your MFA codes can be sent via text or email, or may be generated by an app (e.g., Google Authenticator) or biometrics like fingerprints and facial recognition.
• Follow these steps for each account and app:
  • Go to Settings, but may be Account Settings, Settings & Privacy, or something similar.
  • Look for and turn on MFA, also known as two-factor authentication, two-step verification, or something similar.
  • Confirm how to provide the extra login security, which can vary by account and app.
• By using MFA you now have an added layer of security that requires a quick verification by you so that if someone has obtained your password, they won’t be able to continue into the account without that extra step.

Thank you for the questions and comments you have had this week. I always appreciate hearing for you and helping in any way that I can.

Sandy

Important Note: Thank you so much for sharing these e-newsletters with family, friends, clients, students, and anyone else who may benefit from the information. I would like to stress that you should keep your students in mind, as non-employee students will not get this information without someone sharing. If anyone has an email group for students who are not employees of your department, please let me know what that address is and I can include it. I do this as a blind copy so student names and addresses will not show up!