Good afternoon, everyone.
Today I want to tell you about a recurring threat that is active right now. I also want to take this time, particularly with Black Friday being one of the busiest online shopping days of the year, to remind you of the ways hackers use this extremely busy and hectic time to try to steal your information and your identity.
Quick and Vague Request (spear phishing emails)
- I have had many reports of another round of these emails this morning.
- This one appears to be coming from one of our Deans.
- However, the sender’s address is “firstname.lastname@example.org”, with the Dean’s name displayed before the address.
- The subject is “Send me your available text number.”
- The email does not have any actual content.
- This same spear phishing attempt was sent to many others throughout the UT System last week.
- Remember that a legitimate email of this kind would not be sent, because it is against UT policy to send anything work-related from a non-UT email address.
- Our leadership would also never ask you to go purchase gift cards on their behalf and tell you that they will pay you back later.
- Please report this kind of email by forwarding the email and its Internet header using Reporting Phishing Attempts.
- You can see information about past scams by going to UTIAsecurity Knowledge Base and clicking on the tag you’re interested in on the left.
Staying Safe Online During the Holidays (and any other time!)
- As you know, we see plenty of phishing/spear phishing/smishing/vishing attacks all year long.
- However, Cisco published a report that estimates these types of attacks spike around the holidays, reporting a peak of over 50% in December alone.
- Hackers tend to choose this time of year to use these scams in order to steal personal information, financial data, and identities.
- Hackers like to send holiday-themed emails that appear to be from trusted sources like well-known retailers. These emails may look quite real and include “exclusive deals,” but the links will take you to fake websites, and clicking a link will begin the installation of malware.
- Hackers also like to send emails that appear to be from well-known charities so you will make a donation that goes straight into a hacker’s account.
- Hackers send emails that appear to be about a failed delivery, hoping you will click on the link or download an attachment containing malware.
- Hackers will impersonate friends, family, and co-workers asking for money or personal information for a holiday emergency, gift exchange, etc.
- So, how can you avoid being the victim of such scams?
- ALWAYS verify the sender by checking the email address, spelling, and domain, while keeping in mind that legitimate companies (and UT!) will always use their official domains for communications.
- ALWAYS beware of emails that have a sense of urgency or leave you feeling like you have to act without thinking.
- ALWAYS double-check any website before entering your personal or financial information and make sure it has “https://” in the address, which shows that your connection to the site is encrypted. Fake sites can use “https://” too, so confirm that the domain is the official one as well.
- ALWAYS use multi-factor authentication if it is offered for any shopping or banking account and use a trusted app like Google Authenticator.
- ALWAYS think about the content and whether it makes sense (e.g., Did I order something that should be delivered by <whomever> on the date the message says?), then go to the sender’s known site to verify whether you really have whatever it is the email is telling you about.
- NEVER click on a suspicious link. Instead, hover over the link to see if the URL matches the sender’s domain, or manually type the URL into the address bar.
- NEVER share sensitive or personal information via email or text, even if the request seems legit, but instead call the known number of the person making the request so you can ask questions before sharing any information.
- ALWAYS report if you are a victim of fraud (see Reporting Cybercrime).
I want you all to know how thankful I am for each of you and the work you do, especially when it comes to keeping the Institute and yourself safe from cyber threats!
Important Note: Thank you so much for sharing these e-newsletters with family, friends, clients, students, and anyone else who may benefit from the information. I would like to stress that you should keep your students in mind, as non-employee students will not get this information without someone sharing. If anyone has an email group for students who are not employees of your department, please let me know what that address is and I can include it. I do this as a blind copy so student names and addresses will not show up!