Ransomware: What Is It and How Does It Happen?

While new cyber threats, like deepfake phishing and MFA bombing, are on the rise, older types of threats remain a big danger. Understanding what these threats are is vital to protecting your personal data and UF’s digital environment.

A particularly damaging threat is ransomware, a type of malware that prevents users from accessing their device and the data stored on it. This is usually done by encrypting the files on that device, and it can happen on your smartphone, laptop, or PC. The malware is typically introduced through a traditional social engineering scam like phishing. Ransomware attackers claim that if the user pays some amount of money (a ransom), then the attacker will provide the decryption key needed to restore the data. In reality, the attacker may or may not provide that key, even after the victim pays.

As if losing access to your data were not bad enough, ransomware attackers often steal copies of the data before they encrypt it and then threaten to release what they’ve found unless the victim pays the ransom. Think about what it would mean for someone, somewhere, to have the personal photos, emails, and documents stored on your device. Even if you paid to get them back, a year or more later the ransomware attacker could come back and threaten you again with an extortion demand or just decide to put everything they stole from you on a website.

According to Verizon’s 2024 Data Breach Investigations Report, email is one of the most common methods for attackers to carry out “system intrusion” attacks, like ransomware and extortion. Recognizing the signs of phishing, such as strange email addresses, urgent and unusual requests, and suspicious links, can help protect you from a ransomware attack. Regularly backing up the files on your computer to a cloud or external drive can also be helpful if you fall victim to an attack.

UFIT offers several options for cloud file storage at no cost for faculty, students, and staff through the GatorCloud. To learn more about how to back up your entire computer, with both cloud and local options, visit https://security.ufl.edu/learn-security/protect-my/computer/#backup.

Decluttering Your GatorMail Inbox

GatorMail is the University of Florida’s free email and collaboration tool available to faculty, students, and staff. GatorMail is the most secure, convenient way to send and receive emails while you’re a part of the UF community.

Although UF’s Information Security Office employs advanced technologies that block hundreds of millions of malicious external emails each year, some spam, junk, and phishing emails still can make their way into your inbox. It can be more challenging to filter out phishing emails, especially spear phishing messages tailored specifically to the recipient. If you ever receive a suspected phishing email in your GatorMail, report it directly to UF’s Information Security Office by using the Phish Alert Button.

GatorMail’s junk settings can help keep your inbox virtually free of unsolicited messages. Did you know you can report junk, block specific senders and domains, and add filters to your GatorMail? Microsoft Outlook also offers the Clean Up Conversation tool to reduce the number of redundant messages in your inbox. To help prevent spam, it’s not recommended to use your UF email address for third-party accounts and listservs.

Visit https://www.mail.ufl.edu/managing-email/securing-gatormail/ to review UFIT’s email safety tips, including steps to report spam and GatorMail’s email security policies. And, if you need any assistance setting up a GatorMail inbox rule, just stop by the UFIT Help Desk at 132 Hub, across from the Starbucks.

Refreshing Your Account Security

UF Information Technology (UFIT) recommends evaluating the security of all of your online accounts. Strengthening your passwords for important accounts such as personal email, online banking access, and social media can protect you from some of the most damaging hacks. 

It is extremely important to use a different password on each site, so hackers can’t use passwords stolen from one account to break into your other accounts. One strategy recommended by security professionals is to use a “passphrase” made up of four or more random, unrelated words. Surprisingly, this is a stronger password than one made up of random letters and characters and is much easier to remember!  UF requires strong passwords for GatorLink account credentials. A common misconception about your GatorLink credentials is that you can’t use words found in a standard American dictionary as your password. But if your password is longer than 18 characters, then words are allowed. So, the next time you update your UF credentials, consider using a passphrase.

UFIT also recommends setting up multi-factor authentication (MFA) on your non-UF critical accounts. MFA solutions for external applications work much like Duo Mobile does at UF: your mobile device generates a one-time access code that you enter to access the account. By configuring MFA on your accounts and using the ‘Authenticator App’ option when doing so, you add an extra layer of security even if hackers compromise your password. All mobile devices can store MFA codes in the same Duo Mobile app you already use for UF. Alternatively, Apple devices can store those MFA codes in iCloud Keychain, where they will sync and autofill across your personal devices (including Windows via the iCloud application).

Beyond MFA, some companies now offer support for passkeys. A passkey uses an on-device verification mechanism, such as Face ID or a screen lock passcode, to verify your identity and allow access to an online account. Passkeys by design are more secure than passwords and provide protection against phishing, because they don’t require you to remember anything! Check out this demo to discover how passkeys work and visit the Passkey Directory for a list of websites that support passkeys today. 

Taking steps to secure your accounts is an investment in protecting your identity, money, and online image and reputation. For more information on creating secure passwords: https://security.ufl.edu/learn-security/passwords/ 

Improving Technologies Make Impersonation Scams More Effective

Most of us have received phishing emails in our inbox and smishing messages on our phones impersonating people or companies we trust. According to the US Federal Trade Commission (FTC), consumers lost $1.1 billion to these types of social engineering scams in 2023. That is three times more than in 2020, with strong growth expected now that artificial intelligence (AI) technologies can be used to make phishing communications more convincing. 

We have often been able to spot these impersonations by noticing non-standard language in sentences, grammatical errors, or messages that don’t seem to apply to the situation. But as AI tools improve, scammers can use them to rapidly create very convincing messages that lack the tell-tale signs we’ve become accustomed to spotting. It is even possible to use so-called deepfake tools to create convincing audio and video of someone speaking – using only short clips of the real person speaking.

Here are other clues to help identify impersonation scams:  

  • Verify the source. Check the email address the email was sent from, and if a suspicious email arrives in your GatorMail, double-check whether the message is flagged in red as [External Email]. On your phone, smishing messages often appear to come from an email address rather than a phone number.
  • Check with the sender. Impersonation scams often want to give you the impression that the real person being impersonated is not available, which is why they need you to quickly take some action for them. But it doesn’t hurt to give the real person a call or send a message to verify, because if they answer, it was probably a scam! Do not hit ‘reply’ or ‘redial.’ Instead, look up the person in your contacts or find a reliable contact for companies independently (such as calling the phone number on the back of your credit card if you get a text purportedly coming from your bank).
  • It’s a good idea to agree on a way to authenticate communications with people ahead of time, such as by creating a ‘code word’ that family members can use if they are really in trouble.  

If you find yourself the recipient of an impersonation scam, you should report the fraud to the FTC. This helps federal investigators stop scammers before they can reach more people. 

For more information on impersonation scams, visit https://security.ufl.edu/learn-security/.

Slam the Scam, Gators!

March 7, 2024, is national “Slam the Scam!” day. This annual federal outreach initiative was launched during the pandemic to call attention to phone, direct message (DM), text, and email crimes. These scams have intensified and become more sophisticated.  Here are some warning signs to be aware of to help you slam the scam:

You are contacted unexpectedly by phone, email, text, DM, or pop-up message with a request for personal information or money. These crimes are successful because scammers use convincing stories: there’s a problem with your account, there’s a hold on your classes, there’s an issue with a package delivery, or an emergency with a loved one. Scammers pretend to be someone important who needs help, or pose as an employee from a familiar organization. Scammers tell you it is urgent you take action and often create fake caller ID information. If you get asked for personal information or money, make sure you verify the person who has contacted you before acting on any request. If it is a legitimate request the person will not mind. And never click a link or download an attachment from someone or an organization you don’t know.

Scammers use emotional triggers, like love or fear, to trick you into taking action. You may be asked to send a wire transfer or to purchase pre-loaded debit cards or gift cards. Another popular (read: successful) scam is receiving a check that is for more than expected, with the scammer asking you to repay the overage via the code from a pre-paid gift card or by a bank transfer.

The scammer might ask for your GatorLink credentials, bank account number, UFID, or even your Social Security number. Scammers often direct you to a website that looks legit (but isn’t). They’ll ask you to enter your name and password using pop-up messages on your computer or your mobile device, with a request to allow a software program to run. Don’t do it! Sometimes scammers provide a callback number or say that you can trust Caller ID when you question them. Remember…When in doubt, don’t give that information out!

It has become commonplace to receive scam texts (“smishing”) and phishing emails. The best protection from scammers is to familiarize yourself with how scams work. If you receive an email in your GatorMail that makes you suspicious, click on the Phish Alert Button in MS Outlook located on the top right of your email, or forward it to abuse@ufl.edu.

Spear Phishing on the Rise

A more personalized, sophisticated, and invasive form of phishing is on the rise: spear phishing. Spear phishing is a social engineering tactic used to steal sensitive information from a specific person or group by tailoring the message. For example, an attacker could pretend to be an IT staff member from your college to trick you into revealing your GatorLink credentials.

While regular phishing attempts try to scam as many people as possible through generally deceptive language, the personalization of spear phishing attacks makes them more effective and more dangerous. Barracuda’s 2023 Phishing Trends Report found that spear phishing emails make up less than 0.1% of all emails sent yet cause 66% of all breaches.

There are several signs to look for if you think you have received a spear phishing email in your GatorMail. Is the email address domain from a legitimate organization? If the email appears to have come from a UF email address, utilize the UF directory to confirm the sender’s contact information. Also, hover your cursor over any links in the email and review the URL before clicking on it. Be wary of overly friendly language or strange use of slang, imperfect sayings or misuse of English. Cybercriminals frequently use language that indicates urgency (like “ASAP” or “URGENT!”) in spear phishing attempts.
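The signs listed above can also be checked mechanically when triaging a reported message. The following is an added example, not part of the original newsletter or any UFIT tool: it flags a sender outside the organization's domain, the urgency cues the text names, and links whose visible text points to a different host than the real target (what hovering reveals). The function names, the `TRUSTED_DOMAIN` value, and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_DOMAIN = "ufl.edu"  # assumption: the domain the reader treats as internal
URGENCY = re.compile(r"\b(asap|urgent)\b", re.I)  # the two cues the text names
URL_LIKE = re.compile(r"^(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?$", re.I)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    # urlparse only fills in hostname when a "//" authority marker is present
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

def phishing_signs(raw_message):
    """Return (sign, detail) pairs; heuristics for triage, not a verdict."""
    msg = message_from_string(raw_message)
    # Simplification: parts are read undecoded (no base64/quoted-printable)
    body = "".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    signs = []
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if sender_host != TRUSTED_DOMAIN and not sender_host.endswith("." + TRUSTED_DOMAIN):
        signs.append(("sender-outside-domain", sender_host))
    if URGENCY.search(msg.get("Subject", "") + " " + body):
        signs.append(("urgency-language", msg.get("Subject", "")))
    collector = LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        # What hovering reveals: the visible text names one host, the href another
        if URL_LIKE.match(text) and host_of(text) != host_of(href):
            signs.append(("link-text-mismatch", text + " -> " + href))
    return signs

# Constructed sample messages (not real mail); .example is a reserved TLD
SUSPICIOUS = """From: "UF IT Support" <helpdesk@uf1-support.example>
Subject: URGENT! GatorLink password expires today
Content-Type: text/html

<p>Reset it ASAP: <a href="http://login.uf1-support.example/reset">https://login.ufl.edu/reset</a></p>
"""
BENIGN = """From: Registrar <registrar@ufl.edu>
Subject: Spring schedule posted
Content-Type: text/html

<p>See the <a href="https://registrar.ufl.edu/">course schedule</a>.</p>
"""
```

A message that trips none of these checks can still be spear phishing, since a tailored message may come from a compromised internal account, so the directory lookup and reporting steps still apply.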

If you get a spear phishing message in your GatorMail, immediately send it to the Information Security Office using the phish alert button. If you’ve fallen victim to a spear phishing message and unwittingly provided your UF username and password (i.e., your GatorLink credentials) to a scammer, then contact the UFIT Help Desk at once (352-392-HELP/4357). When you report that your account has been compromised, staff will help you change your password and do everything they can to minimize the impacts of the account compromise.

The Institutional Impacts of a Cyberattack

Higher education is facing an exponentially growing threat: cyberattacks. Check Point Software reports educational institutions experienced an average of 2,507 cyberattack attempts per institution per week in the first three months of 2023 alone! Universities and colleges are at a high risk of suffering a data breach or a ransomware attack because the amount and types of data created and stored are extremely valuable to cybercriminals: data like student records, banking information, protected health information, and research data. Restricted data falling into the wrong hands can be devastating for UF, its constituents, university business partnerships, and funding from federal and state agencies. The welfare of the campus community and even our recruitment capabilities are all on the line.

Information security is our shared responsibility! Faculty, students, and staff must all be aware of what’s at stake, and do their part to help protect UF from cyberattacks. According to a 2023 IBM Security report, data breaches initiated through compromised credentials (such as GatorLink login information) take the longest for institutions to resolve and can be incredibly costly. Help prevent data breaches by practicing caution when opening any email received in your GatorMail marked [EXTERNAL EMAIL]. These emails come from outside the UF organization and could potentially be phishing attempts. Pay close attention to any email requesting your GatorLink login or other personally identifiable information, and report suspicious messages directly to UFIT with the phish alert report button in the top right corner of your GatorMail.

UFIT’s Information Security Office has recently refreshed its website with new resources. Take some time to visit https://security.ufl.edu/protect-yourself/social-engineering/ and learn about different types of cyberattacks and some best practices for protecting yourself…and UF.

What To Do When You Get a New Device

Did you get a new laptop or smartphone over the winter break? You’ve invested in a new device so take the time to ensure it is cyber-secure and prepared for your campus life needs. Here are three steps to prioritize before you spend your life on that new device:

  1. Whether you plan on donating or reselling your old device, before doing so, back up all data to a secure cloud or drive to keep it safe and private, so it’s available when needed. According to Wired, you should wipe all of your old device’s data by factory-resetting your device (an option in your device’s settings) to safeguard your information from falling into the wrong hands.
  2. Set up the new device for use with Duo to approve GatorLink logins. Also, configure your device to connect to eduroam to have the fastest internet available on campus.
  3. When creating a password or PIN for your new device, don’t even think about using ‘1-2-3-4’ or ‘2-5-8-0’, Gators! If possible, avoid saving personal login info and payment details because if you do, cyber criminals can easily steal these if they hack into the device.

Visit https://security.ufl.edu/protect-yourself/protect-my/mobile-device/ for more tips on keeping your devices and information secure.  

Phishing vs. Spam

Most of us receive phishing and spam email daily. Phishing emails are intentionally deceptive and designed to steal personal information by impersonating known organizations, people, or companies. Spam emails are unsolicited junk emails that contain commercial or sometimes misleading information and are sent frequently, even from legitimate company or organizational email addresses.

Unlike emails sent legitimately from companies or organizations, phishing attempts often begin with impersonal greetings, such as “Dear Client,” instead of addressing you by name. They also frequently contain grammar or spelling errors and urge you to click on a malware-infected link. Always hover your mouse over a link to see if it leads to the intended site or use the URL Decoder on mail.ufl.edu. Spam emails don’t have as many defining characteristics, but they are usually advertisements sent frequently to alert recipients of sales, or that urge you to do something, like completing a survey or visiting a website.

You should always report phishing emails received in your UF GatorMail email. Also, you may be able to cut down on the amount of spam you receive by unsubscribing from company and organizational marketing emails. Students, faculty, and staff can use the Phish Alert Button in their GatorMail to report phishing attempts. For spam emails, unsubscribe from all of the sender’s communications by looking for an “Unsubscribe” link, usually in small text at the bottom of each spam message received.

Learn more about email safety: https://security.ufl.edu/resources/email-safety/.

The Personal Cost of a Cyberattack

The digitalization of our lives leaves us vulnerable to malicious attempts from cybercriminals to steal, expose, or destroy our personal and sensitive information through cyberattacks. As new technologies evolve, so do the tactics used to target individuals, including ransomware, credential theft, and more sophisticated social engineering scams. These attacks are increasing worldwide, with Check Point Research revealing a 38% global increase from 2021 to 2022 — affecting an average of one in three Americans.

So, what could a cyberattack cost you? Research from the Centre for Counter Fraud Studies found victims of cybercrime experience psychological impacts, such as anxiety, anger, and embarrassment, even if the attack didn’t result in monetary loss. A compromised account or hacked device can quickly escalate from an inconvenience to a financial stressor. Phishing, the cybercrime most reported to the FBI in 2022, cost victims an average of $173 per attack. UFIT’s Secure the Swamp video highlights the experiences of three UF students who fell victim to phishing attacks, with one attack resulting in their financial aid being stolen.

A common theme amongst malware and phishing attempts is malicious links and the attacker’s use of personally identifiable information that tricks you into giving up your password. You can use GatorMail’s URL decoder to make sure the site you plan to visit is safe. And remember: No one from UF will ever ask you for your GatorLink password!

A cyberattack can disrupt your life with serious repercussions. The best way to protect yourself from a cyberattack is to be informed and practice safe cyber routines. View UFIT’s resources on the best practices to help protect yourself from malicious cyber activity.