The Personal Cost of a Cyberattack

The digitalization of our lives leaves us vulnerable to malicious attempts from cybercriminals to steal, expose, or destroy our personal and sensitive information through cyberattacks. As new technologies evolve, so do the tactics used to target individuals, including ransomware, credential theft, and more sophisticated social engineering scams. These attacks are increasing worldwide, with Check Point Research revealing a 38% global increase from 2021 to 2022 — affecting an average of one in three Americans.

So, what could a cyberattack cost you? Research from the Centre for Counter Fraud Studies found victims of cybercrime experience psychological impacts, such as anxiety, anger, and embarrassment, even if the attack didn’t result in monetary loss. A compromised account or hacked device can quickly escalate from an inconvenience to a financial stressor. Phishing, the top reported cybercrime to the FBI in 2022, cost victims an average of $173 per attack. UFIT’s Secure the Swamp video highlights the experiences of three UF students who fell victim to phishing attacks, with one attack resulting in their financial aid being stolen.

A common theme among malware and phishing attempts is the use of malicious links, along with personally identifiable information, to trick you into giving up your password. You can use GatorMail’s URL decoder to make sure the site you plan to visit is safe. And remember: No one from UF will ever ask you for your GatorLink password!

A cyberattack can disrupt your life with serious repercussions. The best way to protect yourself from a cyberattack is to be informed and practice safe cyber routines. View UFIT’s resources on the best practices to help protect yourself from malicious cyber activity.

Why You Should Delete Old Apps and Files

We store everything on our phones: saved media, files, and data stored inside apps. While this makes it convenient to document our lives on social media or quickly retrieve a class file, it can also slow down your iPhone or Android device.

Even worse: A phone with tons of data and images stored on it is the holy grail for cybercriminals, who can hack into it and ransom your photos and personal information (like credit card numbers stored in an app) back to you. They can steal your identity and go shopping with your credit card or PayPal balance. They can decide to sell your data on the dark web. Whatever they do will severely disrupt your life. In addition to making sure you use a strong password on your phone, it’s a good idea to delete any apps that are no longer relevant to your life.

Your device will also run faster if unused apps and files are deleted. Most phones will list when you last visited each app. Did you download an app for a class or for a trip taken last year? If you don’t need it, delete it! Also, relocate content from your phone to an external storage service. Did you know that faculty, students, and staff get 5TB of OneDrive storage? Take advantage of this highly secure free cloud service today! Contact the UFIT Help Desk if you need assistance using OneDrive.

Safely Use Virtual Payment Apps

Scammers use peer-to-peer (P2P) payment apps like Cash App, Zelle, and Venmo to steal money. According to the Pew Research Center, 10% of P2P app users have been scammed. P2P apps allow users to easily send money with a phone tap. But if it’s convenient for you, it’s also convenient for scammers.

Vishing or smishing is often used to initiate P2P scams. For example, a scammer may impersonate a bank representative in a call or text to a victim about a “suspicious transaction” on their Zelle account. The scammer will request the victim’s bank login information to resolve the concern but will use the information to steal money. A bank representative will never ask for your username and password to access your account. Stay cyber-secure by only sending money to people you know, and double-checking you are sending money to the correct name, phone number, and username. Also, you should only use a credit card for transactions with strangers, because credit cards have fraud protection. And Gators, make sure to allow app updates (or install them when they become available on your device) for the latest security enhancements, like multi-factor authentication updates and app safety features.

Learn to protect yourself online by becoming more cyber-aware. Schedule a half hour to take the information security training at https://security.ufl.edu/resources/training/information-security-training/ today.

Work Safely with Restricted Data

Restricted data refers to data collected, maintained, or managed by the university or through any university activities that is subject to special protections under federal or state laws, regulatory mandates, or contractual obligations. Improperly working with, storing, or transmitting restricted data could result in the revocation of research certifications, university business partnerships, and federal and state grants. In addition to the legal liabilities and financial obligations placed on individual employees and the university, a breach or misuse of restricted data would negatively impact UF’s reputation.

Types of restricted data are listed here. They include, but are not limited to, student records (FERPA), protected health information (HIPAA), Social Security numbers and credit card information, and export controlled data (ITAR).

All faculty and staff are required to annually complete the Information Security Awareness training, which includes a section on working with restricted data. UF’s Mobile Computing and Storage Devices Policy explains security and encryption standards required for devices operating with restricted data. UFIT’s Integrated Risk Management team is available to help clarify data classifications and the technologies and tools cleared for use with restricted data. Anyone in the UF community with questions is welcome to email irm-uf@ufl.edu.

Identifying Deepfake Videos

Misleading content online becomes more sophisticated with each technological advancement. One type of “fake news” becoming more prominent across all social channels is the deepfake, a video that’s been modified to make the subject appear to be doing or saying something they did not.

Deepfake videos are made to fool viewers for a variety of reasons including political agendas, financial gain, to embarrass someone or a group, or to use for blackmail. Public figures can be made to say things they never said, inciting viewers or followers to think a certain way and take action based on misinformation. A viral deepfake video supposedly of Tom Cruise has more than a million views. Here’s a breakdown by the video’s creator on how he utilized AI to construct the video: DeepTomCruise TikTok Breakdown.

It is possible to identify some deepfake videos by noticing changes in skin tone, jerky facial movements, or lip movements that do not match dialogue. But as the technology improves, these clues could become even harder to spot. If you have concerns about the authenticity of a video purporting to be from UF, please contact the department posting the video or send your concern to the UFIT Help Desk.

Learn the UF Risk Assessment Process

UFIT is now offering integrated risk management (IRM) system training. The course focuses on the IRM process and responsibilities of system submitters, project owners, and the information security manager or technical contact listed on the assessment request. Log into myTraining and search for UF_ITT104_OLT to take the training.

Development of this training is in response to requests from information security managers and department staff who work with UFIT on risk assessments. The IRM training takes approximately 45 minutes to one hour to complete. Note that completing UF_ITT104_OLT will soon become mandatory in order to maintain either the UF_SEC_TECHCONTACT or UF_SEC_ISM security roles.

UFIT recommends all IT staff involved in university risk assessments take the training. For more information visit https://irm.ufl.edu/. Anyone with questions about the integrated risk management process may email the IRM team at irm-uf@ufl.edu.

Safe Travel is Smart Travel: Cyber Vigilance

As flights and hotel bookings surge past pre-pandemic levels, travelers should prepare for a busy holiday season. Crowded airports can be an early holiday gift for identity thieves. Don’t let the chaos of the airport allow you to let your guard down. Gators, remember while traveling over the break period to:

Avoid public Wi-Fi. If you must use free Wi-Fi in airports, cafes, or in hotels, use a VPN to connect. Also, double-check the network’s name (SSID) before connecting. You could unknowingly connect to a spoofed network or someone else’s hotspot, which means what you type could be seen and copied by others.

Beware of vacation rental scams. While perusing Airbnb or Craigslist for a rental, be alert to an offer that’s too good to pass up. Before booking an accommodation online, research the address and the owner’s name, and check whether the property reviews go back more than a few weeks. Check for multiple ways to contact the owner.

Disable auto-connect features. Most phones enable automatic connections for Wi-Fi, Bluetooth, and location services. These features allow others to track your location or send malicious files to your device. Keep these settings disabled when you are not using them!

Visit https://security.ufl.edu/resources/traveling-abroad/ for more cyber tips for travelers.

How To Shop Securely During Black Friday & Cyber Monday

‘Tis the season for online shopping. Unfortunately, it’s also the season for holiday scams. With Black Friday and Cyber Monday deals right around the corner, it’s important to know what to look for when shopping for the perfect gift. Here are some tips so you don’t get Scrooged:

Pay with a secure method. Using a credit card provides extra protection for online purchases. Under the Fair Credit Billing Act (FCBA), credit card holders are allowed to dispute fraudulent charges, whereas with a debit card, the money comes directly out of a checking account. Remember to check your bank statements regularly for any unauthorized payments.

Research the seller. Before checking out, verify that the business is legitimate. Search the company’s name online, plus “scam,” to read what others are saying. If you’re unsure, check with the state attorney general or the local consumer protection agency to see if there are any filed complaints.

Don’t fall for fake ads. Fake advertisements lurk on legitimate platforms, including email, social media, and search engines. Think twice before clicking on ads. Go directly to the business’s website to verify that the offer is real.

For more cybersecurity tips, visit https://security.ufl.edu/.

The Cost of Phishing: Money, Time, Personal Files

“I should have recognized the red flags. I thought it was easy to avoid phishing emails, but I was wrong. I should have taken the email more seriously, and I had to try to get my account back and missed a test. Thankfully, that’s the only thing I missed.”

When it comes to phishing, it’s possible to lose everything in one click, but you’ll never understand the consequences until it happens to you. In UFIT’s video, three students share real stories from victims of cybercrime.

These examples show what could happen after falling for a phish, from locking you out of your computer to rerouting financial aid money to a cybercriminal’s bank account. But the impacts aren’t limited to one person. One incident is all it takes to shut down UF systems or expose student records, research data, and patient information. With so much at stake, it’s important for everyone at UF to remain skeptical of what arrives in their inbox.

The UF Information Security Office has more information about phishing on its website. You can also participate in the Secure the Swamp! online scavenger hunt from October 25-29 to sharpen your cybersecurity skills.