Slam the Scam, Gators!

March 7, 2024, is national “Slam the Scam!” day. This annual federal outreach initiative was launched during the pandemic to call attention to phone, direct message (DM), text, and email crimes. These scams have intensified and become more sophisticated.  Here are some warning signs to be aware of to help you slam the scam:

You are contacted unexpectedly by phone, email, text, DM, or pop-up message with a request for personal information or money. These crimes are successful because scammers use convincing stories: there’s a problem with your account, there’s a hold on your classes, there’s an issue with a package delivery, or an emergency with a loved one. Scammers pretend to be someone important who needs help, or pose as an employee from a familiar organization. Scammers tell you it is urgent you take action and often create fake caller ID information. If you get asked for personal information or money, make sure you verify the person who has contacted you before acting on any request. If it is a legitimate request the person will not mind. And never click a link or download an attachment from someone or an organization you don’t know.

Scammers use emotional triggers, like love or fear, to trick you into taking action. You may be asked to send a wire transfer or to purchase pre-loaded debit cards or gift cards. Another popular (read: successful) scam is receiving a check that is for more than expected, with the scammer asking you to repay the overage via the code from a pre-paid gift card or by a bank transfer.

The scammer might ask for your GatorLink credentials, bank account number, UFID, or even your Social Security number. Scammers often direct you to a website that looks legit (but isn’t). They’ll ask you to enter your name and password using pop-up messages on your computer or your mobile device, with a request to allow a software program to run. Don’t do it! Sometimes scammers provide a callback number or say that you can trust Caller ID when you question them. Remember…When in doubt, don’t give that information out!

It has become commonplace to receive scam texts (“smishing“) and phishing emails. The best protection from scammers is to familiarize yourself with how scams work.  If you receive an email in your GatorMail that makes you suspicious, click on the Phish Alert Button in MS Outlook located on the top right of your email, or forward it to abuse@ufl.edu.

The Institutional Impacts of a Cyberattack

Higher education is facing an exponentially growing threat: Cyberattacks. Check Point Software reports educational institutions experienced an average of 2,507 cyberattack attempts per institution per week in the first three months of 2023 alone! Universities and colleges are at a high risk of suffering a data breach or a ransomware attack because the amount and types of data created and stored is extremely valuable to cybercriminals–data like student records, banking information, protected health information, and research data. Restricted data falling into the wrong hands can be devastating for UF, its constituents, to university business partnerships, and for funding from federal and state agencies. The welfare of the campus community and even our recruitment capabilities are all on the line.

Information security is our shared responsibility! Faculty, students, and staff must all be aware of what’s at stake, and do their part to help protect UF from cyberattacks. According to a 2023 IBM Security report, data breaches initiated through compromised credentials (such as GatorLink login information) take the longest for institutions to resolve and can be incredibly costly. Help prevent data breaches by practicing caution when opening any email received in your GatorMail marked [EXTERNAL EMAIL]. These emails come from outside the UF organization and could potentially be phishing attempts. Pay close attention to any email requesting your GatorLink login or other personally identifiable information, and report suspicious messages directly to UFIT with the phish alert report button in the top right corner of your GatorMail.

UFIT’s Information Security Office’s website has recently refreshed its online presence with new resources. Take some time to visit https://security.ufl.edu/protect-yourself/social-engineering/ and learn about different types of cyberattacks and some best practices for protecting yourself…and UF.

ChatGPT: Guidelines for Campus Usage

Responses provided by the ChatGPT application can save time, but beware: the data you input or ask the app to develop may be retained and provided as responses to other users. ChatGPT users have very limited control over its use of the data provided to the app, and its parent company–OpenAI–does not currently offer a process to amend or delete entries submitted. UF’s Privacy Office and the UF Information Security Office want everyone in the Gator community to understand that putting data into ChatGPT or a similar service is equivalent to disclosing the data to the public.

ChatGPT is currently being assessed for regulatory concerns related to privacy and confidentiality of data. University of Florida data classified as sensitive or restricted is not approved for use with ChatGPT. Sensitive and restricted data includes:

Social Security Numbers
Education Records
Employee Data
Credit Card Numbers
Protected Health Information
Human Subject Research Data
Unpublished Research Data
Personally Identifiable Information

An assessment of ChatGPT has been added to the university’s technology solutions website: https://irm.ufl.edu/fast-path-solutions/items/chatgpt.html. Remember that all faculty, staff, and students share the responsibility of keeping UF information secure. Visit the Office of Privacy website for additional information on using ChatGPT.

Learn How Doxxing Attacks Work

Recently, news outlets reported threats to a U.S. Supreme Court justice. What began as a social media attack became potentially a physical assault. This type of attack is called “doxxing.” Doxxing is defined as publicly revealing previously private information about an individual or organization, usually via the internet.

Doxxing attacks often focus on a journalist or public figure–like a faculty member–over something they have written. An individual or group opposed to what’s published can severely disrupt the author’s life, and in extreme cases their safety is threatened. Doxxing frequently results in abusive phone calls and text messages, sometimes in conjunction with a social media campaign or series of emails designed to harass and intimidate the writer.

The first step to protecting yourself against doxxing is to find out what information about you is publicly available. Conduct online searches in multiple browsers (e.g., Google, Firefox, Safari) and find out what others can see. Then, request removal of private information you find listed on any website. Also, be careful what you share on social media, especially information that could be used to find you or your family, such as location data in photos or posts. The most important step is to secure all your accounts with strong passwords and multi-factor authentication whenever possible. Visit UF’s Information Security Office “Protect My…” webpage and learn more about keeping personal information private.

Enter Phishle Contest to Win Gift Card

The UF Information Security Office’s annual summer contest is open June 1 – 30, 2022. This year, all you have to do is play Phishle — UFIT’s information security take on the popular game “Worldle®” — to qualify for weekly gift card drawings.

Never played Phishle? Like Wordle®, Phishle is a word game. But Phishle focuses on players learning about social engineering terms such as phishing, smishing, vishing, and tailgating while solving the daily word puzzle. Phishle launched in Spring 2022 by Spencer Fasulo, a freshman computer science major who interns with the Information Security Office (ISO). Before entering the Phishle contest, check out the ISO’s great new social engineering webpage. You’ll learn what to watch out for and be better equipped to complete the daily Phishle game and win a gift card!

Phishle players get an entry for each 10 words they find. After achieving 10 correct words, fill out the form provided with your contact information. Two gift cards will be awarded each week, with winners announced on UFIT’s Twitter and Instagram accounts. Gift cards will need to be picked up in the 720 Building by local winners. Winners residing outside of Alachua County will receive their gift cards via US Mail.

Secure the Swamp Online Scavenger Hunt

October 2021 marks the 18th year of Cybersecurity Awareness Month. With the increasing threat of cyberattacks to universities around the world, information security is more timely than ever. UF participates in the initiative every year to empower students, faculty, and staff to own their role in protecting themselves and the university.

This year’s campaign is centered on a “Secure the Swamp!” online scavenger hunt. Each week in October, UFIT will share tips on social media focusing on three themes: phishing, securing your remote work environment, and mobile device security. Students and employees can then test their cybersecurity knowledge by answering four questions on these topics. The hunt begins on Monday, October 25, at 8 a.m. and ends Friday, October 29, at 5 p.m. Participants will have the opportunity to win an exclusive “Secure the Swamp!” T-shirt.

Remember, the UF Information Security Office can’t protect UF by itself. It’s our shared responsibility to keep the university’s data and systems secure. Visit https://security.ufl.edu/ to participate in the scavenger hunt and find more resources. Also, follow UFIT on Twitter (@GoGatorsUFIT), Facebook (@GoGators.UFIT), Instagram (@gogators_ufit), and YouTube (/GoGatorsUFIT) for some clues!