Smishing – University of Florida Information Technology News

Cybercrime Spikes at Start of Semester

Posted on September 5, 2022October 2, 2022 by tgale@ufl.edu

Phishing emails, with malware and dangerous links embedded in them, increase at the start of each semester. Why? Cybercriminals know that new faculty, students, and staff do not yet understand what to expect from UF emails, and whether asking for GatorLink password information in an email is standard conduct. (It isn’t.)

In addition to phishing, social engineering includes deceitful activities like spear phishing, smishing, tailgating, and doxxing. Make time to review the Information Security Office’s
social engineering webpage and become familiar with techniques that cybercriminals use. To help the UF community better understand phishing, Dr. Amanda Phalin, Faculty Senate chair and senior lecturer in Warrington’s Management Department, recorded this video, which explains what it is and how it works.

In the past 12 months, UFIT’s security detection systems have caught 98.5% of phishing messages sent from outside the university. Still, some phishing emails do get through. That’s why being vigilant about what you click on is so important. The phish alert report button in GatorMail lets you report suspicious messages. If you receive an email you suspect is a phish, highlight the email and click on the phish alert report button. This action sends the potentially malicious email directly to the Information Security Office so staff can investigate. Emails from outside UF are marked with the [External Email] banner. Apply extra caution when you see this banner, especially if they purport to be from someone at UF.

Have a great semester and GO GATORS!

Enter Phishle Contest to Win Gift Card

Posted on May 30, 2022October 2, 2022 by tgale@ufl.edu

The UF Information Security Office’s annual summer contest is open June 1 – 30, 2022. This year, all you have to do is play Phishle — UFIT’s information security take on the popular game “Worldle®” — to qualify for weekly gift card drawings.

Never played Phishle? Like Wordle®, Phishle is a word game. But Phishle focuses on players learning about social engineering terms such as phishing, smishing, vishing, and tailgating while solving the daily word puzzle. Phishle launched in Spring 2022 by Spencer Fasulo, a freshman computer science major who interns with the Information Security Office (ISO). Before entering the Phishle contest, check out the ISO’s great new social engineering webpage. You’ll learn what to watch out for and be better equipped to complete the daily Phishle game and win a gift card!

Phishle players get an entry for each 10 words they find. After achieving 10 correct words, fill out the form provided with your contact information. Two gift cards will be awarded each week, with winners announced on UFIT’s Twitter and Instagram accounts. Gift cards will need to be picked up in the 720 Building by local winners. Winners residing outside of Alachua County will receive their gift cards via US Mail.

Beware of Scam Texts and Phone Calls

Posted on May 12, 2022October 2, 2022 by tgale@ufl.edu

Have you received a strange text like this one (pictured)? Smish alert! Smishing and vishing are like phishing, except scammers use different devices to try and trick you into giving up personal information.

Smishing is done through text messages, while vishing happens through phone calls. Smishing attackers are also using instant messaging apps, like WhatsApp!, as well as LinkedIn and Facebook to reach new victims. What do they want? The same things that phishing scammers are after: personal information, account passwords, and your money. Often, scammers employ social engineering tactics by pretending to be someone you know or represent a familiar organization.

The best way to handle smishing and vishing attempts is simple: Delete the message or hang up! As an added measure, depending on your device and cellular provider, you may be able to block and report the sender. It only takes one click, call, or responding to one message to have your personal information stolen or credit card maxed out. And, if that stolen personal information leads to figuring out how to use your GatorLink credentials, then you, your friends, professors, and anyone else on the UF Network could be impacted.

If you are unsure about a communication purporting to be from a UF department–email, text, or phone call–you can always check with the UFIT Help Desk.

Threat to Suspend Your Social Security Number is a SCAM

Posted on December 9, 2021October 2, 2022 by tgale@ufl.edu

Con artists pretending to be with the Social Security Administration (SSA) are utilizing email, text messages, and phone calls to scare people into providing money and/or personal information. Remember: The SSA will never threaten, scare, or pressure you to take an immediate action.

It is a SCAM if someone…
● Warns of imminent arrest or legal action
● Requests payment by gift card, prepaid debit card, internet currency, or mailing cash
● Pressures you for personal information
● Requests secrecy
● Threatens to seize your bank account
● Promises to increase your Social Security benefit
● Says they have evidence against you, or uses the name of a real SSA official

How to protect yourself from Social Security-related scams:
1. Stay calm. Do not provide money or personal information when you feel pressured, threatened, or scared.
2. Hang up on the caller or ignore the text or email.
3. Report Social Security-related scams. If you receive a suspicious call, text, or email that mentions Social Security, report it to the SSA Office of the Inspector General (OIG). Do not be embarrassed if you shared personal information or suffered a financial loss.

UF’s Information Security Office has an Identity Thefts and Scams webpage where you can learn more about the techniques used by cyber criminals.