Build a Resilient Cybersecurity Environment – Page 4 – University of Florida Information Technology News

Cyber Bowl 2022: Beat FSU!

Posted on October 3, 2022

For Cyber Security Awareness Month, Florida State University’s Information Technology Services (FSU-ITS) challenged UF to a Cyber Bowl, an online game played on the virtual playing field. The Cyber Bowl will be live from October 3 – 14. It’s set up like a football game with four quarters. Each “quarter” contains one question related to social engineering. So…how do the Gators win?

The university who can get the most students, faculty, and staff game players wins. To register your entry in the game, all that’s needed is a valid UFL.EDU email address. The Florida State community is answering the same questions that UF is. And just for playing the Cyber Bowl, you could win a pair of tickets to the Florida-Florida State game on November 25! UFIT will randomly select one student and one faculty/staff member from all game entries to win the tickets. You don’t have to answer the questions correctly for a chance to win. Just complete the entry screen after the questions. And hey, learning more about social engineering is a “win” for you and for your university.

To play, visit https://cyberbowl.security.ufl.edu/ anytime between October 3 – 14, answer the questions, and help us beat the ‘Noles! That’s always a good thing, whether we’re playing FSU in a virtual location or a physical one. Thanks for participating in the Cyber Bowl and…GO GATORS!

Cybercrime Spikes at Start of Semester

Posted on September 5, 2022October 2, 2022

Phishing emails, with malware and dangerous links embedded in them, increase at the start of each semester. Why? Cybercriminals know that new faculty, students, and staff do not yet understand what to expect from UF emails, and whether asking for GatorLink password information in an email is standard conduct. (It isn’t.)

In addition to phishing, social engineering includes deceitful activities like spear phishing, smishing, tailgating, and doxxing. Make time to review the Information Security Office’s
social engineering webpage and become familiar with techniques that cybercriminals use. To help the UF community better understand phishing, Dr. Amanda Phalin, Faculty Senate chair and senior lecturer in Warrington’s Management Department, recorded this video, which explains what it is and how it works.

In the past 12 months, UFIT’s security detection systems have caught 98.5% of phishing messages sent from outside the university. Still, some phishing emails do get through. That’s why being vigilant about what you click on is so important. The phish alert report button in GatorMail lets you report suspicious messages. If you receive an email you suspect is a phish, highlight the email and click on the phish alert report button. This action sends the potentially malicious email directly to the Information Security Office so staff can investigate. Emails from outside UF are marked with the [External Email] banner. Apply extra caution when you see this banner, especially if they purport to be from someone at UF.

Have a great semester and GO GATORS!

Learn How Doxxing Attacks Work

Posted on July 28, 2022October 2, 2022

Recently, news outlets reported threats to a U.S. Supreme Court justice. What began as a social media attack became potentially a physical assault. This type of attack is called “doxxing.” Doxxing is defined as publicly revealing previously private information about an individual or organization, usually via the internet.

Doxxing attacks often focus on a journalist or public figure–like a faculty member–over something they have written. An individual or group opposed to what’s published can severely disrupt the author’s life, and in extreme cases their safety is threatened. Doxxing frequently results in abusive phone calls and text messages, sometimes in conjunction with a social media campaign or series of emails designed to harass and intimidate the writer.

The first step to protecting yourself against doxxing is to find out what information about you is publicly available. Conduct online searches in multiple browsers (e.g., Google, Firefox, Safari) and find out what others can see. Then, request removal of private information you find listed on any website. Also, be careful what you share on social media, especially information that could be used to find you or your family, such as location data in photos or posts. The most important step is to secure all your accounts with strong passwords and multi-factor authentication whenever possible. Visit UF’s Information Security Office “Protect My…” webpage and learn more about keeping personal information private.

Identifying Deepfake Videos

Posted on June 23, 2022April 22, 2024

Misleading content online becomes more sophisticated with each technology advancement. One type of “fake news” becoming more prominent across all social channels is the deepfake, a video that’s been modified to make the subject appear to be doing or saying something they did not.

Deepfake videos are made to fool viewers for a variety of reasons including political agendas, financial gain, to embarrass someone or a group, or to use for blackmail. Public figures can be made to say things they never said, inciting viewers or followers to think a certain way and take action based on misinformation. A viral deepfake video supposedly of Tom Cruise has more than a million views. Here’s a breakdown by the video’s creator on how he utilized AI to construct the video: DeepTomCruise TikTok Breakdown.

It is possible to identify some deepfake videos by noticing changes in skin tone, jerky facial movements, or lip movements that do not match dialogue. But as the technology improves these clues could become even harder to spot. If you have concerns about the authenticity of a video purporting to be from UF, please contact the department posting the video or send your concern to the UFIT Help Desk.

Full-Day NVIDIA Workshops–Summer 2022

Posted on June 5, 2022October 2, 2022

UFIT is offering two, full-day NVIDIA workshops this summer. Registration for the Deep Learning Institute (DLI) offerings is open to faculty and to staff who support research computing applications. Anyone with questions prior to registering may contact AI Support Team Lead Ying Zhang, yingz@ufl.edu.

NVIDIA DLI: Building Transformer-Based Natural Language Processing Applications
This is an online workshop, held via Zoom.
DATE: June 21, 2022
TIME: 9:00 a.m. – 6:00 p.m.
INFORMATION: https://rc.ufl.edu/calendar/#!view/event/date/20220621/event_id/24401

NVIDIA DLI: Fundamentals of Deep Learning
This is an in-person workshop, held at the UF Informatics Institute (432 Newell Drive).
DATE: July 28, 2022
TIME: 9:00 a.m. – 5:00 p.m.
INFORMATION: https://www.rc.ufl.edu/calendar/#!view/event/date/20220728/event_id/24328

Participants receive an NVIDIA DLI certificate to recognize their subject matter competency after the successful completion of the post-workshop assessment. UFIT offers year-round training opportunities to support research inquiry. Visit the calendar of training and events for other learning opportunities.

Enter Phishle Contest to Win Gift Card

Posted on May 30, 2022October 2, 2022

The UF Information Security Office’s annual summer contest is open June 1 – 30, 2022. This year, all you have to do is play Phishle — UFIT’s information security take on the popular game “Worldle®” — to qualify for weekly gift card drawings.

Never played Phishle? Like Wordle®, Phishle is a word game. But Phishle focuses on players learning about social engineering terms such as phishing, smishing, vishing, and tailgating while solving the daily word puzzle. Phishle launched in Spring 2022 by Spencer Fasulo, a freshman computer science major who interns with the Information Security Office (ISO). Before entering the Phishle contest, check out the ISO’s great new social engineering webpage. You’ll learn what to watch out for and be better equipped to complete the daily Phishle game and win a gift card!

Phishle players get an entry for each 10 words they find. After achieving 10 correct words, fill out the form provided with your contact information. Two gift cards will be awarded each week, with winners announced on UFIT’s Twitter and Instagram accounts. Gift cards will need to be picked up in the 720 Building by local winners. Winners residing outside of Alachua County will receive their gift cards via US Mail.

Beware of Scam Texts and Phone Calls

Posted on May 12, 2022April 22, 2024

Have you received a strange text like this one (pictured)? Smish alert! Smishing and vishing are like phishing, except scammers use different devices to try and trick you into giving up personal information.

Smishing is done through text messages, while vishing happens through phone calls. Smishing attackers are also using instant messaging apps, like WhatsApp!, as well as LinkedIn and Facebook to reach new victims. What do they want? The same things that phishing scammers are after: personal information, account passwords, and your money. Often, scammers employ social engineering tactics by pretending to be someone you know or represent a familiar organization.

The best way to handle smishing and vishing attempts is simple: Delete the message or hang up! As an added measure, depending on your device and cellular provider, you may be able to block and report the sender. It only takes one click, call, or responding to one message to have your personal information stolen or credit card maxed out. And, if that stolen personal information leads to figuring out how to use your GatorLink credentials, then you, your friends, professors, and anyone else on the UF Network could be impacted.

If you are unsure about a communication purporting to be from a UF department–email, text, or phone call–you can always check with the UFIT Help Desk.

Progress Towards the 2020-25 Strategic Plan for IT

Posted on March 14, 2022October 2, 2022

The 2020-2021 Contributions Report is now available online.

“This annual report covers July 2020 through June 2021, an extraordinary period of change and challenge,” said VP and CIO Elias Eldayrie. “I am extremely proud of the way our staff not only contributed to the university’s effort to combat COVID-19, but also that we could still support the campus with more than 300 completed projects and enhancements during this time period.”

UFIT is deeply committed to improving UF’s customer experience. Investing in new and innovative ways of delivering campus support is a primary focus for the work underway to achieve the goals outlined in the University of Florida’s Strategic Plan for IT: 2020-2025. Anyone with comments about the publication may send them to UFIT Communications.

Learn the UF Risk Assessment Process

Posted on February 17, 2022October 2, 2022

UFIT is now offering integrated risk management (IRM) system training. The course focuses on the IRM process and responsibilities of system submitters, project owners, and the information security manager or technical contact listed on the assessment request. Log into myTraining and search for UF_ITT104_OLT to take the training.

Development of this training is in response to requests from information security managers and department staff who work with UFIT on risk assessments. The IRM training takes approximately 45 minutes to one hour to complete. Note that completing UF_ITT104_OLT will soon become mandatory in order to maintain either the UF_SEC_TECHCONTACT or UF_SEC_ISM security roles.

UFIT recommends all IT staff involved in university risk assessments take the training. For more information visit https://irm.ufl.edu/. Anyone with questions about the integrated risk management process may email the IRM team at irm-uf@ufl.edu.