Undergraduate Scholarship Opportunity in High Performance Computing and AI

Interested in high performance computing and AI? A National Science Foundation grant awarded to Assistant Professor Mickey MacKie and supported by UF Information Technology (UFIT) is open to two undergraduate women.

The two selected students will have the opportunity to develop their project utilizing the university’s supercomputing resources. Students will also receive a financial stipend along with mentoring throughout their project’s lifecycle. Additional details about this undergraduate research opportunity, along with the application form, are available here:

https://ufl.qualtrics.com/jfe/form/SV_eVvjmoKeH4XbrCu.

Dr. MacKie and AI Support Manager Ying Zhang are accepting applications for the Women in High Performance Computing Scholarship through 5:00 p.m. on Friday, March 15, 2024. Undergraduates from all disciplines are welcome to apply! Students with questions prior to submitting their application are welcome to contact Ms. Ying Zhang.

Spear Phishing on the Rise

A more personalized, sophisticated, and invasive form of phishing is on the rise: Spear phishing. Spear phishing is a social engineering tactic used to steal sensitive information from a specific person or group by tailoring the message. For example, an attacker could pretend to be an IT staff member from your college to trick you into revealing your GatorLink credentials.   

While regular phishing attempts try to scam as many people as possible through generally deceptive language, the personalization of spear phishing attacks makes them more effective and more dangerous. Barracuda‘s 2023 Phishing Trends Report found that spear phishing emails make up less than 0.1% of all emails sent yet cause 66% of all breaches.

There are several signs to look for if you think you have received a spear phishing email in your GatorMail. Is the email address domain from a legitimate organization? If the email appears to have come from a UF email address, utilize the UF directory to confirm the sender’s contact information. Also, hover your cursor over any links in the email and review the URL before clicking on it. Be wary of overly friendly language or strange use of slang, imperfect sayings or misuse of English. Cybercriminals frequently use language that indicates urgency (like “ASAP” or “URGENT!”) in spear phishing attempts.

If you get a spear phishing message in your GatorMail, immediately send it to the Information Security Office using the phish alert button. If you’ve fallen victim to a spear phishing message and unwittingly provided your UF username and password (i.e., your GatorLink credentials) to a scammer, then contact the UFIT Help Desk at once (352-392-HELP/4357). When you report that your account has been compromised, staff will help you change your password and do everything they can to minimize the impacts of the account compromise.

The Institutional Impacts of a Cyberattack

Higher education is facing an exponentially growing threat: Cyberattacks. Check Point Software reports educational institutions experienced an average of 2,507 cyberattack attempts per institution per week in the first three months of 2023 alone! Universities and colleges are at a high risk of suffering a data breach or a ransomware attack because the amount and types of data created and stored is extremely valuable to cybercriminals–data like student records, banking information, protected health information, and research data. Restricted data falling into the wrong hands can be devastating for UF, its constituents, to university business partnerships, and for funding from federal and state agencies. The welfare of the campus community and even our recruitment capabilities are all on the line.

Information security is our shared responsibility! Faculty, students, and staff must all be aware of what’s at stake, and do their part to help protect UF from cyberattacks. According to a 2023 IBM Security report, data breaches initiated through compromised credentials (such as GatorLink login information) take the longest for institutions to resolve and can be incredibly costly. Help prevent data breaches by practicing caution when opening any email received in your GatorMail marked [EXTERNAL EMAIL]. These emails come from outside the UF organization and could potentially be phishing attempts. Pay close attention to any email requesting your GatorLink login or other personally identifiable information, and report suspicious messages directly to UFIT with the phish alert report button in the top right corner of your GatorMail.

UFIT’s Information Security Office’s website has recently refreshed its online presence with new resources. Take some time to visit https://security.ufl.edu/protect-yourself/social-engineering/ and learn about different types of cyberattacks and some best practices for protecting yourself…and UF.

What To Do When You Get a New Device

Did you get a new laptop or smartphone over the winter break? You’ve invested in a new device so take the time to ensure it is cyber-secure and prepared for your campus life needs. Here are three steps to prioritize before you spend your life on that new device:

  1. Whether you plan on donating or reselling your old device, before doing so, back up all data into a secure cloud or drive to keep it safe and private, so it’s available when needed. According to Wired, you should wipe all of your old device’s data by factory-resetting your device (an option in your device’s settings options) to safeguard your information from falling into the wrong hands.  
  2. Set up the new device for use with DUO to approve GatorLink logins. Also, configure your device to eduroam to have the fastest internet available on campus. 
  3. When creating a password or PIN for your new device, don’t even think about using ‘1-2-3-4’ or ‘2-5-8-0’, Gators! If possible, avoid saving personal login info and payment details because if you do, cyber criminals can easily steal these if they hack into the device.

Visit https://security.ufl.edu/protect-yourself/protect-my/mobile-device/ for more tips on keeping your devices and information secure.  

Phishing vs. Spam

Most of us receive phishing and spam email daily. Phishing emails are intentionally deceptive and designed to scam personal information by impersonating known organizations, people, or companies. Spam emails are unsolicited junk emails that contain commercial or sometimes misleading information and are sent frequently, even from legitimate company or organizational email addresses.

Unlike emails sent legitimately from companies or organizations, phishing attempts often begin with impersonal greetings, such as “Dear Client,” instead of addressing you by name. They also frequently contain grammar or spelling errors and urge you to click on a malware-infected link. Always hover your mouse over a link to see if it leads to the intended site or use the URL Decoder on mail.ufl.edu. Spam emails don’t have as many defining characteristics, but they are usually advertisements sent frequently to alert recipients of sales, or that urge you to do something, like completing a survey or visiting a website.

You should always report phishing emails received in your UF GatorMail email. Also, you may be able to cut down on the amount of spam you receive by unsubscribing from company and organizational marketing emails. Students, faculty, and staff can use the Phish Alert Button in their GatorMail to report phishing attempts. For spam emails, unsubscribe from all of the sender’s communications by looking for an “Unsubscribe” link at the bottom of the email (usually in small text) of each spam message received.

Learn more about email safety: https://security.ufl.edu/resources/email-safety/.


The Personal Cost of a Cyberattack

The digitalization of our lives leaves us vulnerable to malicious attempts from cybercriminals to steal, expose, or destroy our personal and sensitive information through cyberattacks. As new technologies evolve, so do the tactics used to target individuals, including ransomware, credential theft, and more sophisticated social engineering scams. These attacks are increasing worldwide, with Check Point Research revealing a 38% global increase from 2021 to 2022 — affecting an average of one in three Americans.

So, what could a cyberattack cost you? Research from the Centre for Counter Fraud Studies found victims of cybercrime experience psychological impacts, such as anxiety, anger, and embarrassment, even if the attack didn’t result in monetary loss. A compromised account or hacked device can quickly escalate from an inconvenience to a financial stressor. Phishing, the top reported cybercrime to the FBI in 2022, cost victims an average of $173 per attack. UFIT’s Secure the Swamp video highlights the experiences of three UF students who fell victim to phishing attacks, with one attack resulting in their financial aid being stolen.

A common theme amongst malware and phishing attempts is malicious links and the attacker’s use of personally identifiable information that tricks you into giving your password. You can use GatorMail’s URL decoder to make sure the site you plan to visit is safe. And remember: No one from UF will ever ask you for your GatorLink password!

A cyberattack can disrupt your life with serious repercussions. The best way to protect yourself from a cyberattack is to be informed and practice safe cyber routines. View UFIT’s resources on the best practices to help protect yourself from malicious cyber activity.

Help UF Win the Cyber State Championship!

The Cyber Bowl is back! To spotlight Cybersecurity Awareness Month, UF has challenged nine other Florida universities to beat us on the virtual football field. The 2023 Cyber Bowl is an online competition, held Oct. 9 – Oct. 20. The Gators are competing for the title of State Champions against Florida State University, the University of Central Florida, the University of Miami, Florida Gulf Coast University, University of West Florida, University of North Florida, Florida International University, University of South Florida, and New College.

The Cyber Bowl consists of five questions, each related to social engineering. So, how do the Gators win?

The university with the highest percentage of faculty, students, and staff game players (based on their population number for each affiliation) wins. All that’s needed to register your entry in the game is a valid UFL.EDU email address. Every participating university is answering the same five questions. Just for playing in the Cyber Bowl, you’ll be entered to win a pair of tickets to the sold-out Florida-Florida State game on Nov. 25! UFIT will randomly select the winner from all game entries after the Cyber Bowl ends. You don’t have to answer the questions correctly for a chance to win. Just complete the entry screen after the questions.

To play, visit cyberbowl.security.ufl.edu anytime between Oct. 9 – Oct. 20 and answer the questions. Make sure to enter your GatorLink credentials at the end of the game, so your entry is counted for UF. Thank you for participating in this year’s Cyber Bowl… and GO GATORS!

Change in Multi-Factor Login Begins Fall 2023

Rollout of the new multi-factor prompt for authenticating into services and websites this fall. Everyone will be moved to the new prompt by January 2024, since the company UF currently uses for its authentication service (DUO) is deprecating the current prompt on March 31, 2024. The schedule for moving the UF community to the new prompt is:

● Oct. 3   Primary Affiliation: Staff           

● Oct. 17 Primary Affiliation: Faculty 

● Nov. 7  Primary Affiliation: Students 

● Jan. 9   Remaining community members

The UF community will experience these changes:

User Interface
There is a new look and feel of the prompt screen (shown).

2FA Method Selection Change
UF community members currently select a verification method such as a passcode, mobile device push, or hardware token. The new prompt will select the most secure method available based on what a user has registered for.

Please contact the UFIT Help Desk if you have any questions or concerns about the changes to the multi-factor prompt.

Why You Should Delete Old Apps and Files

We store everything in our phones–saved media, files, and data stored inside apps. While this makes it convenient to document our life on social media or quickly retrieve a class file, it can also slow down your iPhone or Android device.

Even worse: A phone with tons of data and images stored on it is the holy grail for cybercriminals, who can hack into it and ransom your photos and personal information (like credit card numbers stored in an app) back to you. They can steal your identity and go shopping with your credit card or PayPal balance. They can decide to sell your data on the dark web. Whatever they do will severely disrupt your life. In addition to making sure you
use a strong password on your phone, it’s a good idea to delete any apps from your phone that are obsolete for your life now.

Your device will also run faster if unused apps and files are deleted. Most phones will list when you last visited each app. Did you download an app for a class or for a trip taken last year? If you don’t need it, delete it! Also, relocate content from your phone to an external storage service. Did you know that faculty, students, and staff get 5TB of OneDrive storage? Take advantage of this highly secure free cloud service today! Contact the UFIT Help Desk if you need assistance using OneDrive.