Since UF adopted multi-factor authentication (MFA), the number of compromised GatorLink accounts has decreased by 99.7%. Using the multi-factor authentication app provides additional protection to the university’s systems and services. This means your personal information as well as your research files, proposals, and all university data, is better secured.
Tips to enhance your MFA experience:
1. Add a second device to your MFA account, in case your primary device is lost or stolen. UFIT created a short video explaining how to add a device.
2. Use a passcode to authenticate even without an internet connection or cell service. Open the Duo app, then tap the University of Florida drop-down tab on the home screen. Type in the six-digit code provided when logging into UF services.
3. Check the “Remember Me” option to not be prompted to authenticate for 10 hours, as long as you’re using the same browser on the same device.
Visit it.ufl.edu/2fa or contact the UF Computing Help Desk (firstname.lastname@example.org, 352-392-HELP/4357, 132 Hub) for assistance using multi-factor authentication.
Students are reporting suspicious emails in their Gmail or other non-UF inboxes, claiming to be from instructors. These phishing scams enable cybercriminals posing as faculty to convince students to deposit fake checks or send gift cards. Because students often handle email on their phones–where full email addresses are obscured–it isn’t immediately apparent that the email is a phish.
Impostor emails attempt to lure students with high-paying job opportunities and often come from faculty members the student doesn’t know. Cybercriminals can find enough information online to impersonate faculty without having to hack into their UF account. The proliferation of these scams is a great reminder to always be cautious when clicking on any email, no matter who they seem to come from.
1. Even if a phishing email doesn’t include a malicious link or attachment, it’s still just as dangerous if you respond.
2. The [External Email] tag will appear in the body of emails originating from outside the university, alerting you that it may well be malicious.
If you think an email in your Gmail or non-UF inbox is a phish, forward the message as an attachment to email@example.com.
UF’s 5,712 international students, along with our international faculty and staff population, are prime targets for criminals who want to leverage their immigration status to steal money and sensitive data.
The UF International Center (UFIC) reported several cases of phishing emails and phone calls from cybercriminals posing as representatives of the U.S. Department of Homeland Security or U.S. Immigration and Customs Enforcement. Scams include threats of deportation, visa revocation, or phony visa lottery acceptances. The fake messages are schemes to solicit money or sensitive information (e.g. Social Security numbers, credit card information, etc.).
“We cannot emphasize enough how important it is for our international students to be aware of scams and phishing attempts that can impact their legal status, identity, and financial future,” said Debra Anderson, director of International Student Support Services for UFIC.
Everyone, regardless of visa status, should think twice before automatically clicking on an email attachment. U.S. government agencies never demand immediate payment over the phone or via email. In fact, contact with U.S. agencies involved in immigration issues always starts with a letter, not a phone call or an email. If you think an email in your GatorMail is suspicious, report it with the Phish Alert Button so UF’s Information Security Office can investigate further.
In 2019, audits were conducted of the state’s 12 public universities. The report recommended that the University of Florida enhance its existing information security awareness program with mandatory annual faculty and staff training. This summer, UFIT developed a new training program to meet the Florida Board of Governors recommendation.
“Protecting UF: Information Security Training” consists of four modules: phishing awareness, restricted data, cloud and sharing tools, and general safeguards. Training takes approximately 30-40 minutes to complete and is mandatory for faculty and staff. Emails will deploy from the myTraining portal in the next few days notifying the UF community that training is available. Training must be completed by the close of the fall 2020 semester, with the annual reminder date for re-certification based upon the initial completion date. As part of the Protecting UF program, in January all enrolled students will see a “to do” reminder in ONE.UF to take the phishing awareness training.
This effort is part of a larger program to inform the UF community on how to protect teaching, learning, research, and online activities. Please visit the Information Security Office website for additional information on this training and other security topics.
Checking the age of your passwords and reviewing an email link or attachment before opening it can go a long way in protecting yourself from a cyber attack. It’s the world we now live in, so here are some reminders that could save you a lot of heartache and financial and/or identity problems:
1. Check before you click.
Never click on links or open attachments without inspecting the email first. With the enormous volume of malicious emails created and sent every day, being cautious is crucial. Always hover over the email address and look for signs of a scam.
2. Protect and update your passwords.
When was the last time you updated your passwords? Experts recommend updating them every 60 days! Not only should you update passwords, but you should use a passPHRASE. The longer your passwords are, the better.
3. Never leave your electronic devices unattended.
As tempting as it is to ask someone to watch your laptop while in Marston, don’t take this risk. Always take your portable items with you, even if it’s just “for a minute” while you are at the reference desk.
For more ways to be cyber aware, read the Psychology of Phishing story on UFIT News or visit the Information Security Office website.