Slam the Scam, Gators!

March 7, 2024, is national “Slam the Scam!” day. This annual federal outreach initiative was launched during the pandemic to call attention to phone, direct message (DM), text, and email crimes. These scams have intensified and become more sophisticated.  Here are some warning signs to be aware of to help you slam the scam:

You are contacted unexpectedly by phone, email, text, DM, or pop-up message with a request for personal information or money. These crimes are successful because scammers use convincing stories: there’s a problem with your account, there’s a hold on your classes, there’s an issue with a package delivery, or an emergency with a loved one. Scammers pretend to be someone important who needs help, or pose as an employee from a familiar organization. Scammers tell you it is urgent you take action and often create fake caller ID information. If you get asked for personal information or money, make sure you verify the person who has contacted you before acting on any request. If it is a legitimate request the person will not mind. And never click a link or download an attachment from someone or an organization you don’t know.

Scammers use emotional triggers, like love or fear, to trick you into taking action. You may be asked to send a wire transfer or to purchase pre-loaded debit cards or gift cards. Another popular (read: successful) scam is receiving a check that is for more than expected, with the scammer asking you to repay the overage via the code from a pre-paid gift card or by a bank transfer.

The scammer might ask for your GatorLink credentials, bank account number, UFID, or even your Social Security number. Scammers often direct you to a website that looks legit (but isn’t). They’ll ask you to enter your name and password using pop-up messages on your computer or your mobile device, with a request to allow a software program to run. Don’t do it! Sometimes scammers provide a callback number or say that you can trust Caller ID when you question them. Remember…When in doubt, don’t give that information out!

It has become commonplace to receive scam texts (“smishing“) and phishing emails. The best protection from scammers is to familiarize yourself with how scams work.  If you receive an email in your GatorMail that makes you suspicious, click on the Phish Alert Button in MS Outlook located on the top right of your email, or forward it to abuse@ufl.edu.

Phishing vs. Spam

Most of us receive phishing and spam email daily. Phishing emails are intentionally deceptive and designed to scam personal information by impersonating known organizations, people, or companies. Spam emails are unsolicited junk emails that contain commercial or sometimes misleading information and are sent frequently, even from legitimate company or organizational email addresses.

Unlike emails sent legitimately from companies or organizations, phishing attempts often begin with impersonal greetings, such as “Dear Client,” instead of addressing you by name. They also frequently contain grammar or spelling errors and urge you to click on a malware-infected link. Always hover your mouse over a link to see if it leads to the intended site or use the URL Decoder on mail.ufl.edu. Spam emails don’t have as many defining characteristics, but they are usually advertisements sent frequently to alert recipients of sales, or that urge you to do something, like completing a survey or visiting a website.

You should always report phishing emails received in your UF GatorMail email. Also, you may be able to cut down on the amount of spam you receive by unsubscribing from company and organizational marketing emails. Students, faculty, and staff can use the Phish Alert Button in their GatorMail to report phishing attempts. For spam emails, unsubscribe from all of the sender’s communications by looking for an “Unsubscribe” link at the bottom of the email (usually in small text) of each spam message received.

Learn more about email safety: https://security.ufl.edu/resources/email-safety/.


The Personal Cost of a Cyberattack

The digitalization of our lives leaves us vulnerable to malicious attempts from cybercriminals to steal, expose, or destroy our personal and sensitive information through cyberattacks. As new technologies evolve, so do the tactics used to target individuals, including ransomware, credential theft, and more sophisticated social engineering scams. These attacks are increasing worldwide, with Check Point Research revealing a 38% global increase from 2021 to 2022 — affecting an average of one in three Americans.

So, what could a cyberattack cost you? Research from the Centre for Counter Fraud Studies found victims of cybercrime experience psychological impacts, such as anxiety, anger, and embarrassment, even if the attack didn’t result in monetary loss. A compromised account or hacked device can quickly escalate from an inconvenience to a financial stressor. Phishing, the top reported cybercrime to the FBI in 2022, cost victims an average of $173 per attack. UFIT’s Secure the Swamp video highlights the experiences of three UF students who fell victim to phishing attacks, with one attack resulting in their financial aid being stolen.

A common theme amongst malware and phishing attempts is malicious links and the attacker’s use of personally identifiable information that tricks you into giving your password. You can use GatorMail’s URL decoder to make sure the site you plan to visit is safe. And remember: No one from UF will ever ask you for your GatorLink password!

A cyberattack can disrupt your life with serious repercussions. The best way to protect yourself from a cyberattack is to be informed and practice safe cyber routines. View UFIT’s resources on the best practices to help protect yourself from malicious cyber activity.

Help UF Win the Cyber State Championship!

The Cyber Bowl is back! To spotlight Cybersecurity Awareness Month, UF has challenged nine other Florida universities to beat us on the virtual football field. The 2023 Cyber Bowl is an online competition, held Oct. 9 – Oct. 20. The Gators are competing for the title of State Champions against Florida State University, the University of Central Florida, the University of Miami, Florida Gulf Coast University, University of West Florida, University of North Florida, Florida International University, University of South Florida, and New College.

The Cyber Bowl consists of five questions, each related to social engineering. So, how do the Gators win?

The university with the highest percentage of faculty, students, and staff game players (based on their population number for each affiliation) wins. All that’s needed to register your entry in the game is a valid UFL.EDU email address. Every participating university is answering the same five questions. Just for playing in the Cyber Bowl, you’ll be entered to win a pair of tickets to the sold-out Florida-Florida State game on Nov. 25! UFIT will randomly select the winner from all game entries after the Cyber Bowl ends. You don’t have to answer the questions correctly for a chance to win. Just complete the entry screen after the questions.

To play, visit cyberbowl.security.ufl.edu anytime between Oct. 9 – Oct. 20 and answer the questions. Make sure to enter your GatorLink credentials at the end of the game, so your entry is counted for UF. Thank you for participating in this year’s Cyber Bowl… and GO GATORS!

Email Encryption Options in GatorMail

GatorMail’s security features like the phish alert button, spam folder, and email encryption help protect users from cyberthreats and provide a secure email experience. GatorMail email encryption is a proactive way to require authentication, protecting sensitive or restricted information from being seen by unauthorized viewers. Note that encryption options are only available for UF community members who have the Outlook desktop app or its web client version run from a computer. Neither Outlook’s mobile client or the web version when being used on a mobile device offer the encryption options.

GatorMail offers four encryption options:
Encrypt Only: Encrypts email contents and may require authentication to read
Do Not Forward: Prevents recipients from forwarding the email
UF Confidential: Allows recipients to modify content but blocks copy/print privileges
UF Confidential – View Only: Read-only permission for the recipients

UFIT has screen captures showing step-by-step visuals for encrypting emails. Encrypting an email means its contents are only readable by the person you sent it to, and cannot be intercepted. Faculty and staff who would like assistance with GatorMail are welcome to call (352-392-HELP/4357), email, or visit (132 Hub) the UFIT Help Desk.

Updated Info Security Training for 2023

Just in time for the new academic year! UF’s Information Security Office has updated its mandatory annual training. Faculty and staff will receive an email reminder on their one-year anniversary of their previous training completion date, but can take the training any time. There are six modules in the training and they take approximately 35-45 minutes to complete. Visit this page to take the training.

The number one cause for compromised GatorLink accounts is when a student, faculty, or staff member opens and responds to a phishing email.

Students can take the phishing module that’s part of the full training. The stand-alone phishing module is a great way to become better informed about how cyber-criminals operate. Now that you’ll be interacting with campus departments and faculty (who cyber-criminals will try to impersonate), students are strongly encouraged to learn how phishing works. Students can find the link to the phishing module training in the ONE.UF menu. The 15-20 minutes you invest in taking the phishing training can pay off in a big way when you learn how to spot and report malicious emails, instead of opening one and inadvertently bringing on a world of hurt on yourself…and potentially your university.

Safely Use Virtual Payment Apps

Scammers use peer-to-peer (P2P) payment apps like Cash App, Zelle, and Venmo to steal money. According to the Pew Research Center, 10% of P2P app users have been scammed. P2P apps allow users to easily send money with a phone tap. But if it’s convenient for you, it’s also convenient for scammers.

Vishing or smishing is often used to initiate P2P scams. For example, a scammer may impersonate a bank representative in a call or text to a victim about a “suspicious transaction” on their Zelle account. The scammer will request the victim’s bank login information to resolve the concern but will use the information to steal money. A bank representative will never ask for your username and password to access your account. Stay cyber-secure by only sending money to people you know, and double-checking you are sending money to the correct name, phone number, and username. Also, you should only use a credit card for transactions with strangers, because credit cards have fraud protection. And Gators, make sure to allow app updates (or install them when they become available on your device) for the latest security enhancements, like multi-factor authentication updates and app safety features.

Learn to protect yourself online by becoming more cyber-aware. Schedule a ½ hour to take the https://security.ufl.edu/resources/training/information-security-training/ today.

Tech Resolutions For a Safer 2022

Staying cyber secure is a great new year resolution that won’t have you counting calories or committing to more exercise!  By adopting some of the resolutions below, the UF community can make a huge difference to their overall cybersecurity safety (also known as your “security posture”).  Enhance your cyber footprint security by:

  1. Changing compromised passwords and creating different passwords for each account. Check for compromised passwords at https://haveibeenpwned.com.
  2. Activating multi-factor authentication (MFA) on critical accounts like email, banking, and social media. Find which sites you use support MFA by visiting https://2fa.directory.
  3. Deleting old social media accounts and other accounts you no longer use.
  4. Reviewing privacy and security settings annually on social media accounts and other sites at least once a year.
  5. Removing unused apps from mobile devices. Unused apps are like unused accounts–they store information that can be used against you if they’re compromised.
  6. Creating a guest network for visitors to your home. If you have smart devices like Ring or Nest, consider creating a guest network for those items. Then if the smart devices get compromised, your home network will still be protected.
  7. Thoroughly delete (“wipe”) all electronic devices before donating or disposing, or have them shredded by a trusted vendor. UF Surplus manages the secure disposal of electronic media and electronic waste of university technology.

For more ways to be cybersafe in 2022,  check out the email safety and computer protection boxes on UF’s Information Security Office website homepage.

Creating Opportunities in Our Community

In summer 2021, UFIT reached out to Santa Fe College to initiate a partnership for students from populations underrepresented in technology fields. This new internship program provides hands-on work experience and mentoring by UFIT staff. Eight interns began their work experience this fall, and three–Joseph, Lauren, and Jerrell–chose to intern with UF’s Information Security Office. Here’s a brief look at our information security interns:

Joseph who has already earned his A.S. in Network Security, has learned a lot thus far, including how the risk assessment process works and the security aspects of firewalls.
“I learned how to categorize risk assessments. Risk assessments help with security because you are looking from the outside in and it gives you better insight when analyzing how data flows through the network.”

Programming major Lauren wants to become a QA engineer. She likes testing and making sure apps are secure and accessible to everyone, especially those with special needs. “I am very grateful for this internship and appreciate how patient everyone is as I learn new tools like T4. I want to try to help everyone because I know technology can be difficult for some.”

Information Systems Security major Jerrell plans on earning a master’s in cybersecurity information assurance and then work in penetration testing. He has gained much from this internship: “I’ve learned a lot about HIPAA and FERPA compliance, and enjoy sitting in with the monitoring team, which is an area I’m interested in professionally. ISO staff have given me career advice, and I appreciate them pushing and guiding me into my purpose.”