Spear Phishing on the Rise

A more personalized, sophisticated, and invasive form of phishing is on the rise: spear phishing. Spear phishing is a social engineering tactic used to steal sensitive information from a specific person or group by tailoring the message to them. For example, an attacker could pretend to be an IT staff member from your college to trick you into revealing your GatorLink credentials.

While regular phishing attempts try to scam as many people as possible through generally deceptive language, the personalization of spear phishing attacks makes them more effective and more dangerous. Barracuda’s 2023 Phishing Trends Report found that spear phishing emails make up less than 0.1% of all emails sent yet cause 66% of all breaches.

There are several signs to look for if you think you have received a spear phishing email in your GatorMail. Does the sender’s email address use the domain of a legitimate organization? If the email appears to have come from a UF email address, use the UF directory to confirm the sender’s contact information. Also, hover your cursor over any links in the email and review the URL before clicking on it. Be wary of overly friendly language, strange use of slang, imperfect sayings, or misuse of English. Cybercriminals frequently use language that indicates urgency (like “ASAP” or “URGENT!”) in spear phishing attempts.

If you get a spear phishing message in your GatorMail, immediately send it to the Information Security Office using the phish alert button. If you’ve fallen victim to a spear phishing message and unwittingly provided your UF username and password (i.e., your GatorLink credentials) to a scammer, then contact the UFIT Help Desk at once (352-392-HELP/4357). When you report that your account has been compromised, staff will help you change your password and do everything they can to minimize the impacts of the account compromise.

Encryption Feature Available in O365

UF’s GatorMail (O365) service includes an easy and fast way to encrypt email. Encryption protects the privacy of an email message and its attachments by converting the contents from readable text into scrambled text. When you encrypt the email, only the recipient(s) who have the encryption key can unscramble the message and read what you sent. Anyone without the corresponding private key, such as an unintended recipient or cyberthief, sees only indecipherable text. UFIT recently completed a project to migrate UF mailboxes to O365, known as GatorMail. Within GatorMail is a new button called Encrypt. (See story image.) Here’s how to use it:

1. In an email message, choose Options on the navigation menu and select Encrypt.
2. Choose the encryption restrictions you want the message to have, such as Encrypt-Only or Do Not Forward.

Visit the “Managing Email” section of https://www.mail.ufl.edu/ for more information on how encryption works and other secure emailing tips.