Good Friday morning!
As we continue with Cybersecurity Awareness Month, I want to keep with the theme, Secure Our World. Each of us needs to do everything we can to maintain Confidentiality, Integrity, and Availability of the Institute’s and University’s data at all times. This means that we have to be aware and very cautious of what is being sent to us in email. CISA, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, has three simple tips for avoiding phishing scams. In addition to their tips, I have added some information for extra clarification.
- Recognize the common signs
- Urgent or emotionally appealing language
- Ex: Reply to this email ASAP!
- Ex: Please help those affected by this latest disaster.
- Requests to send personal or financial information
- Ex: Pay this invoice now.
- Ex: Sign up for a financial consultation.
- Unexpected attachments
- Ex: Invoices
- Ex: Instructions
- Untrusted shortened URLs
- Ex: bit.ly in the URL
- Ex: tiny in the URL
- URL shorteners like Bitly and TinyURL have plenty of legitimate uses, but criminals use them to hide the real destination of a link and redirect you to a malicious site.
- If you see a shortened URL you don’t quite trust, do not click it. Hover over the link to see where it actually points, or paste the shortened address into a link-preview (URL expander) service that shows the destination without taking you there.
- Remember that the link text you see and the address it really points to can be two different things, and that typing or pasting a link into your browser and visiting it is no safer than clicking it.
- Email addresses that don’t match the supposed sender
- Ex: <someones_netid>@gmail.com
- Legitimate work-related email comes from an “@utk.edu” address: UTIA IT0110 – Acceptable Use of Information Technology Resources Security Policy (AUP), item 2c, states that Users will use only the UT-provided email account for all Institute and University business. Check the actual address, not just the display name, because a display name is free text that anyone can set.
- Also notice errors in the supposed sender’s account name, like “Utk,” “IT Helpdesk,” etc.
- Poor grammar, no punctuation, typos, misspelled words, really bad formatting
- Everyone makes mistakes, especially when in a hurry, but it is easy to tell a mistake from this kind of bad writing.
- Resist and report
- Don’t click on any links or attachments.
- Clicking a malicious link usually takes you to a look-alike login page built to steal your password, or starts a download; opening a malicious attachment can install malware directly.
- Don’t reply to the email if you have the least bit of doubt that it is legitimate.
- If you know the supposed sender, send them a new email asking them about the email you received, or you can call them at their known number.
- If the email appears to have come from a reputable organization, find that company’s contact information on their website and report the email you received.
- Forward the email to me if you would like for me to verify if it is legitimate.
- I am more than happy to take a closer look at the contents of the email and can often determine its validity while never having to click on links or attachments.
- Report using the instructions found at Reporting Phishing Attempts.
- Quickly reporting the scams to OIT Abuse will often mean that the scam email can be pulled from all UTK email accounts to prevent others from clicking on things.
- Delete
- Delete the message after you have reported it using Reporting Phishing Attempts.
- Do not reply.
- Do not click links or attachments.
- And please do not click “unsubscribe.” In a phishing message that link is just another link the attacker controls: it can lead to a malicious page or download, and it confirms to the sender that your address is active.
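For readers who handle reported messages, the signs above can be checked mechanically before anyone clicks anything. The script below is an added example written for this newsletter; it is not code from UTIA, OIT or CISA. It assumes utk.edu (and its subdomains) as the only trusted sender domain, as the policy cited above implies; the shortener host list, the urgency phrases and both sample messages are constructed for illustration.

```python
"""Triage a raw email against the 'Recognize the common signs' list above.

Added example, not from the newsletter or CISA. Assumptions: utk.edu is the
only trusted sender domain (per UTIA IT0110 item 2c); the shortener hosts,
urgency phrases and the two sample messages are constructed for illustration.
"""
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED_DOMAIN = "utk.edu"  # assumption drawn from the policy cited above
# Constructed list of well-known URL shortener hosts (not exhaustive).
SHORTENER_HOSTS = {"bit.ly", "bitly.com", "tinyurl.com", "tiny.cc", "t.co", "goo.gl", "ow.ly"}
# Constructed examples of urgent or pressuring language.
URGENT_PHRASES = ("asap", "immediately", "urgent", "act now", "within 24 hours", "will be suspended")
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)
# Display names that claim to be the University or its IT staff.
IT_NAME_RE = re.compile(r"\b(utk|oit|helpdesk|help desk|it)\b", re.IGNORECASE)


def is_trusted_domain(domain: str) -> bool:
    """True for utk.edu itself and any subdomain of it; a suffix match alone is not enough."""
    domain = domain.lower()
    return domain == TRUSTED_DOMAIN or domain.endswith("." + TRUSTED_DOMAIN)


def find_signs(raw_message: str) -> list[tuple[str, str]]:
    """Return (sign, detail) pairs for every warning sign found in an RFC 5322 message."""
    msg = message_from_string(raw_message, policy=policy.default)
    signs = []

    # Sign: the address does not match the supposed sender.
    display_name, address = parseaddr(msg.get("From", ""))
    domain = address.rsplit("@", 1)[-1] if "@" in address else ""
    trusted = is_trusted_domain(domain)
    if not trusted:
        signs.append(("untrusted_sender", f"{address or '(no address)'} is not an @{TRUSTED_DOMAIN} address"))
    if not trusted and IT_NAME_RE.search(display_name or ""):
        signs.append(("impersonating_display_name", f"{display_name!r} claims UTK/IT but the address is {address}"))

    # Sign: urgent or emotionally appealing language in the body text.
    body_part = msg.get_body(preferencelist=("plain", "html"))
    text = body_part.get_content() if body_part is not None else ""
    lowered = text.lower()
    for phrase in URGENT_PHRASES:
        if phrase in lowered:
            signs.append(("urgent_language", phrase))

    # Sign: shortened URLs that hide their destination.
    for url in URL_RE.findall(text):
        host = (urlparse(url).hostname or "").lower()
        if host in SHORTENER_HOSTS:
            signs.append(("shortened_url", url))

    # Sign: unexpected attachments (anything that is not the body itself).
    for part in msg.iter_attachments():
        signs.append(("unexpected_attachment", part.get_filename() or part.get_content_type()))

    return signs


def phishing_sample() -> str:
    """Constructed phishing message that shows several signs at once."""
    m = EmailMessage()
    m["From"] = "IT Helpdesk <netid12345@gmail.com>"
    m["To"] = "staff@utk.edu"
    m["Subject"] = "Mailbox quota exceeded"
    m.set_content(
        "Your mailbox will be suspended. Reply to this email ASAP.\n"
        "Pay this invoice now: https://bit.ly/3xAmpl3\n"
    )
    m.add_attachment(b"%PDF-1.4 constructed placeholder", maintype="application",
                     subtype="pdf", filename="invoice.pdf")
    return m.as_string()


def legitimate_sample() -> str:
    """Constructed ordinary work message that should raise no signs."""
    m = EmailMessage()
    m["From"] = "Jane Doe <jdoe@utk.edu>"
    m["To"] = "staff@utk.edu"
    m["Subject"] = "Friday meeting notes"
    m.set_content("Notes from this morning's meeting are in the shared folder.\n")
    return m.as_string()


if __name__ == "__main__":
    for label, raw in (("phishing", phishing_sample()), ("legitimate", legitimate_sample())):
        print(label)
        for sign, detail in find_signs(raw) or [("none", "no signs found")]:
            print(f"  {sign}: {detail}")
```

The script only reads headers and body text; it never fetches a URL or opens an attachment, which is exactly the stance the tips above ask for. A hit on one sign is a reason to pause and verify, not proof of phishing, and a clean result does not prove a message is safe.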
Thank you for all your questions and comments. I am here to help you in any way that I can.
Sandy
Important Note: Thank you so much for sharing these e-newsletters with family, friends, clients, students, and anyone else who may benefit from the information. I would like to stress that you should keep your students in mind, as non-employee students will not get this information without someone sharing. If anyone has an email group for students who are not employees of your department, please let me know what that address is and I can include it. I do this as a blind copy so student names and addresses will not show up!