Information Security – University of Florida Information Technology News

Slam the Scam, Gators!

Posted on March 7, 2024

March 7, 2024, is national “Slam the Scam!” day. This annual federal outreach initiative was launched during the pandemic to call attention to phone, direct message (DM), text, and email crimes. These scams have intensified and become more sophisticated. Here are some warning signs to be aware of to help you slam the scam:

You are contacted unexpectedly by phone, email, text, DM, or pop-up message with a request for personal information or money. These crimes are successful because scammers use convincing stories: there’s a problem with your account, there’s a hold on your classes, there’s an issue with a package delivery, or an emergency with a loved one. Scammers pretend to be someone important who needs help, or pose as an employee from a familiar organization. Scammers tell you it is urgent you take action and often create fake caller ID information. If you get asked for personal information or money, make sure you verify the person who has contacted you before acting on any request. If it is a legitimate request the person will not mind. And never click a link or download an attachment from someone or an organization you don’t know.

Scammers use emotional triggers, like love or fear, to trick you into taking action. You may be asked to send a wire transfer or to purchase pre-loaded debit cards or gift cards. Another popular (read: successful) scam is receiving a check that is for more than expected, with the scammer asking you to repay the overage via the code from a pre-paid gift card or by a bank transfer.

The scammer might ask for your GatorLink credentials, bank account number, UFID, or even your Social Security number. Scammers often direct you to a website that looks legit (but isn’t). They’ll ask you to enter your name and password using pop-up messages on your computer or your mobile device, with a request to allow a software program to run. Don’t do it! Sometimes scammers provide a callback number or say that you can trust Caller ID when you question them. Remember…When in doubt, don’t give that information out!

It has become commonplace to receive scam texts (“smishing“) and phishing emails. The best protection from scammers is to familiarize yourself with how scams work. If you receive an email in your GatorMail that makes you suspicious, click on the Phish Alert Button in MS Outlook located on the top right of your email, or forward it to abuse@ufl.edu.

Phishing vs. Spam

Posted on November 20, 2023December 11, 2023

Most of us receive phishing and spam email daily. Phishing emails are intentionally deceptive and designed to scam personal information by impersonating known organizations, people, or companies. Spam emails are unsolicited junk emails that contain commercial or sometimes misleading information and are sent frequently, even from legitimate company or organizational email addresses.

Unlike emails sent legitimately from companies or organizations, phishing attempts often begin with impersonal greetings, such as “Dear Client,” instead of addressing you by name. They also frequently contain grammar or spelling errors and urge you to click on a malware-infected link. Always hover your mouse over a link to see if it leads to the intended site or use the URL Decoder on mail.ufl.edu. Spam emails don’t have as many defining characteristics, but they are usually advertisements sent frequently to alert recipients of sales, or that urge you to do something, like completing a survey or visiting a website.

You should always report phishing emails received in your UF GatorMail email. Also, you may be able to cut down on the amount of spam you receive by unsubscribing from company and organizational marketing emails. Students, faculty, and staff can use the Phish Alert Button in their GatorMail to report phishing attempts. For spam emails, unsubscribe from all of the sender’s communications by looking for an “Unsubscribe” link at the bottom of the email (usually in small text) of each spam message received.

Learn more about email safety: https://security.ufl.edu/resources/email-safety/.

The Personal Cost of a Cyberattack

Posted on November 2, 2023

The digitalization of our lives leaves us vulnerable to malicious attempts from cybercriminals to steal, expose, or destroy our personal and sensitive information through cyberattacks. As new technologies evolve, so do the tactics used to target individuals, including ransomware, credential theft, and more sophisticated social engineering scams. These attacks are increasing worldwide, with Check Point Research revealing a 38% global increase from 2021 to 2022 — affecting an average of one in three Americans.

So, what could a cyberattack cost you? Research from the Centre for Counter Fraud Studies found victims of cybercrime experience psychological impacts, such as anxiety, anger, and embarrassment, even if the attack didn’t result in monetary loss. A compromised account or hacked device can quickly escalate from an inconvenience to a financial stressor. Phishing, the top reported cybercrime to the FBI in 2022, cost victims an average of $173 per attack. UFIT’s Secure the Swamp video highlights the experiences of three UF students who fell victim to phishing attacks, with one attack resulting in their financial aid being stolen.

A common theme amongst malware and phishing attempts is malicious links and the attacker’s use of personally identifiable information that tricks you into giving your password. You can use GatorMail’s URL decoder to make sure the site you plan to visit is safe. And remember: No one from UF will ever ask you for your GatorLink password!

A cyberattack can disrupt your life with serious repercussions. The best way to protect yourself from a cyberattack is to be informed and practice safe cyber routines. View UFIT’s resources on the best practices to help protect yourself from malicious cyber activity.

Help UF Win the Cyber State Championship!

Posted on October 9, 2023October 9, 2023

The Cyber Bowl is back! To spotlight Cybersecurity Awareness Month, UF has challenged nine other Florida universities to beat us on the virtual football field. The 2023 Cyber Bowl is an online competition, held Oct. 9 – Oct. 20. The Gators are competing for the title of State Champions against Florida State University, the University of Central Florida, the University of Miami, Florida Gulf Coast University, University of West Florida, University of North Florida, Florida International University, University of South Florida, and New College.

The Cyber Bowl consists of five questions, each related to social engineering. So, how do the Gators win?

The university with the highest percentage of faculty, students, and staff game players (based on their population number for each affiliation) wins. All that’s needed to register your entry in the game is a valid UFL.EDU email address. Every participating university is answering the same five questions. Just for playing in the Cyber Bowl, you’ll be entered to win a pair of tickets to the sold-out Florida-Florida State game on Nov. 25! UFIT will randomly select the winner from all game entries after the Cyber Bowl ends. You don’t have to answer the questions correctly for a chance to win. Just complete the entry screen after the questions.

To play, visit cyberbowl.security.ufl.edu anytime between Oct. 9 – Oct. 20 and answer the questions. Make sure to enter your GatorLink credentials at the end of the game, so your entry is counted for UF. Thank you for participating in this year’s Cyber Bowl… and GO GATORS!

Email Encryption Options in GatorMail

Posted on August 17, 2023

GatorMail’s security features like the phish alert button, spam folder, and email encryption help protect users from cyberthreats and provide a secure email experience. GatorMail email encryption is a proactive way to require authentication, protecting sensitive or restricted information from being seen by unauthorized viewers. Note that encryption options are only available for UF community members who have the Outlook desktop app or its web client version run from a computer. Neither Outlook’s mobile client or the web version when being used on a mobile device offer the encryption options.

GatorMail offers four encryption options:
● Encrypt Only: Encrypts email contents and may require authentication to read
● Do Not Forward: Prevents recipients from forwarding the email
● UF Confidential: Allows recipients to modify content but blocks copy/print privileges
● UF Confidential – View Only: Read-only permission for the recipients

UFIT has screen captures showing step-by-step visuals for encrypting emails. Encrypting an email means its contents are only readable by the person you sent it to, and cannot be intercepted. Faculty and staff who would like assistance with GatorMail are welcome to call (352-392-HELP/4357), email, or visit (132 Hub) the UFIT Help Desk.

Updated Info Security Training for 2023

Posted on July 13, 2023July 16, 2023

Just in time for the new academic year! UF’s Information Security Office has updated its mandatory annual training. Faculty and staff will receive an email reminder on their one-year anniversary of their previous training completion date, but can take the training any time. There are six modules in the training and they take approximately 35-45 minutes to complete. Visit this page to take the training.

The number one cause for compromised GatorLink accounts is when a student, faculty, or staff member opens and responds to a phishing email.

Students can take the phishing module that’s part of the full training. The stand-alone phishing module is a great way to become better informed about how cyber-criminals operate. Now that you’ll be interacting with campus departments and faculty (who cyber-criminals will try to impersonate), students are strongly encouraged to learn how phishing works. Students can find the link to the phishing module training in the ONE.UF menu. The 15-20 minutes you invest in taking the phishing training can pay off in a big way when you learn how to spot and report malicious emails, instead of opening one and inadvertently bringing on a world of hurt on yourself…and potentially your university.

Safely Use Virtual Payment Apps

Posted on May 4, 2023

Scammers use peer-to-peer (P2P) payment apps like Cash App, Zelle, and Venmo to steal money. According to the Pew Research Center, 10% of P2P app users have been scammed. P2P apps allow users to easily send money with a phone tap. But if it’s convenient for you, it’s also convenient for scammers.

Vishing or smishing is often used to initiate P2P scams. For example, a scammer may impersonate a bank representative in a call or text to a victim about a “suspicious transaction” on their Zelle account. The scammer will request the victim’s bank login information to resolve the concern but will use the information to steal money. A bank representative will never ask for your username and password to access your account. Stay cyber-secure by only sending money to people you know, and double-checking you are sending money to the correct name, phone number, and username. Also, you should only use a credit card for transactions with strangers, because credit cards have fraud protection. And Gators, make sure to allow app updates (or install them when they become available on your device) for the latest security enhancements, like multi-factor authentication updates and app safety features.

Learn to protect yourself online by becoming more cyber-aware. Schedule a ½ hour to take the https://security.ufl.edu/resources/training/information-security-training/ today.

Beware of Scam Texts and Phone Calls

Posted on May 12, 2022October 2, 2022

Have you received a strange text like this one (pictured)? Smish alert! Smishing and vishing are like phishing, except scammers use different devices to try and trick you into giving up personal information.

Smishing is done through text messages, while vishing happens through phone calls. Smishing attackers are also using instant messaging apps, like WhatsApp!, as well as LinkedIn and Facebook to reach new victims. What do they want? The same things that phishing scammers are after: personal information, account passwords, and your money. Often, scammers employ social engineering tactics by pretending to be someone you know or represent a familiar organization.

The best way to handle smishing and vishing attempts is simple: Delete the message or hang up! As an added measure, depending on your device and cellular provider, you may be able to block and report the sender. It only takes one click, call, or responding to one message to have your personal information stolen or credit card maxed out. And, if that stolen personal information leads to figuring out how to use your GatorLink credentials, then you, your friends, professors, and anyone else on the UF Network could be impacted.

If you are unsure about a communication purporting to be from a UF department–email, text, or phone call–you can always check with the UFIT Help Desk.

Creating Opportunities in Our Community

Posted on October 28, 2021January 30, 2024

In summer 2021, UFIT reached out to Santa Fe College to initiate a partnership for students from populations underrepresented in technology fields. This new internship program provides hands-on work experience and mentoring by UFIT staff. Eight interns began their work experience this fall, and three–Joseph, Lauren, and Jerrell–chose to intern with UF’s Information Security Office. Here’s a brief look at our information security interns:

Joseph who has already earned his A.S. in Network Security, has learned a lot thus far, including how the risk assessment process works and the security aspects of firewalls.
“I learned how to categorize risk assessments. Risk assessments help with security because you are looking from the outside in and it gives you better insight when analyzing how data flows through the network.”

Programming major Lauren wants to become a QA engineer. She likes testing and making sure apps are secure and accessible to everyone, especially those with special needs. “I am very grateful for this internship and appreciate how patient everyone is as I learn new tools like T4. I want to try to help everyone because I know technology can be difficult for some.”

Information Systems Security major Jerrell plans on earning a master’s in cybersecurity information assurance and then work in penetration testing. He has gained much from this internship: “I’ve learned a lot about HIPAA and FERPA compliance, and enjoy sitting in with the monitoring team, which is an area I’m interested in professionally. ISO staff have given me career advice, and I appreciate them pushing and guiding me into my purpose.”