Data Security – University of Florida Information Technology News

Spear Phishing on the Rise

Posted on February 19, 2024

A more personalized, sophisticated, and invasive form of phishing is on the rise: Spear phishing. Spear phishing is a social engineering tactic used to steal sensitive information from a specific person or group by tailoring the message. For example, an attacker could pretend to be an IT staff member from your college to trick you into revealing your GatorLink credentials.

While regular phishing attempts try to scam as many people as possible through generally deceptive language, the personalization of spear phishing attacks makes them more effective and more dangerous. Barracuda‘s 2023 Phishing Trends Report found that spear phishing emails make up less than 0.1% of all emails sent yet cause 66% of all breaches.

There are several signs to look for if you think you have received a spear phishing email in your GatorMail. Is the email address domain from a legitimate organization? If the email appears to have come from a UF email address, utilize the UF directory to confirm the sender’s contact information. Also, hover your cursor over any links in the email and review the URL before clicking on it. Be wary of overly friendly language or strange use of slang, imperfect sayings or misuse of English. Cybercriminals frequently use language that indicates urgency (like “ASAP” or “URGENT!”) in spear phishing attempts.

If you get a spear phishing message in your GatorMail, immediately send it to the Information Security Office using the phish alert button. If you’ve fallen victim to a spear phishing message and unwittingly provided your UF username and password (i.e., your GatorLink credentials) to a scammer, then contact the UFIT Help Desk at once (352-392-HELP/4357). When you report that your account has been compromised, staff will help you change your password and do everything they can to minimize the impacts of the account compromise.

Email Encryption Options in GatorMail

Posted on August 17, 2023

GatorMail’s security features like the phish alert button, spam folder, and email encryption help protect users from cyberthreats and provide a secure email experience. GatorMail email encryption is a proactive way to require authentication, protecting sensitive or restricted information from being seen by unauthorized viewers. Note that encryption options are only available for UF community members who have the Outlook desktop app or its web client version run from a computer. Neither Outlook’s mobile client or the web version when being used on a mobile device offer the encryption options.

GatorMail offers four encryption options:
● Encrypt Only: Encrypts email contents and may require authentication to read
● Do Not Forward: Prevents recipients from forwarding the email
● UF Confidential: Allows recipients to modify content but blocks copy/print privileges
● UF Confidential – View Only: Read-only permission for the recipients

UFIT has screen captures showing step-by-step visuals for encrypting emails. Encrypting an email means its contents are only readable by the person you sent it to, and cannot be intercepted. Faculty and staff who would like assistance with GatorMail are welcome to call (352-392-HELP/4357), email, or visit (132 Hub) the UFIT Help Desk.

Safely Use Virtual Payment Apps

Posted on May 4, 2023

Scammers use peer-to-peer (P2P) payment apps like Cash App, Zelle, and Venmo to steal money. According to the Pew Research Center, 10% of P2P app users have been scammed. P2P apps allow users to easily send money with a phone tap. But if it’s convenient for you, it’s also convenient for scammers.

Vishing or smishing is often used to initiate P2P scams. For example, a scammer may impersonate a bank representative in a call or text to a victim about a “suspicious transaction” on their Zelle account. The scammer will request the victim’s bank login information to resolve the concern but will use the information to steal money. A bank representative will never ask for your username and password to access your account. Stay cyber-secure by only sending money to people you know, and double-checking you are sending money to the correct name, phone number, and username. Also, you should only use a credit card for transactions with strangers, because credit cards have fraud protection. And Gators, make sure to allow app updates (or install them when they become available on your device) for the latest security enhancements, like multi-factor authentication updates and app safety features.

Learn to protect yourself online by becoming more cyber-aware. Schedule a ½ hour to take the https://security.ufl.edu/resources/training/information-security-training/ today.