UF social engineering – University of Florida Information Technology News

Rescuing a Hacked Social Media Account

Posted on May 11, 2023

Social media is an essential part of our daily routine but it also exposes users to cyberthreats. Hackers can access personal information through tactics like creating fake login pages, impersonating brand representatives, pretending to be a hiring manager, or even posing as a good friend to trick us into providing login information. Hackers also exploit vulnerabilities such data breaches, weak passwords, and outdated software. A July 2022 NordVPN story revealed 37% of Americans surveyed have had a social media account hacked.

Social media platforms send alerts when login information is changed. If you receive an alert for an unrecognized change, change your password immediately. If you can’t access your account, contact the platform’s customer support and be ready to provide proof of ownership, like a valid state-issued ID.

Always allow software, app, and system security updates to run on your devices, Gators! Adding multi-factor authentication (MFA) to social media also strengthens your accounts’ security. (It’s a good idea to add MFA to all your online accounts, especially ones that store personal information and payment information.) Create different passwords for each platform and don’t use Gatorlink credentials (e.g., your UF email and password) on any social accounts. Check out UFIT’s tips for using MFA and social engineering website to learn how scammers try to seperate you from your money, accounts, and identity.

Safely Use Virtual Payment Apps

Posted on May 4, 2023

Scammers use peer-to-peer (P2P) payment apps like Cash App, Zelle, and Venmo to steal money. According to the Pew Research Center, 10% of P2P app users have been scammed. P2P apps allow users to easily send money with a phone tap. But if it’s convenient for you, it’s also convenient for scammers.

Vishing or smishing is often used to initiate P2P scams. For example, a scammer may impersonate a bank representative in a call or text to a victim about a “suspicious transaction” on their Zelle account. The scammer will request the victim’s bank login information to resolve the concern but will use the information to steal money. A bank representative will never ask for your username and password to access your account. Stay cyber-secure by only sending money to people you know, and double-checking you are sending money to the correct name, phone number, and username. Also, you should only use a credit card for transactions with strangers, because credit cards have fraud protection. And Gators, make sure to allow app updates (or install them when they become available on your device) for the latest security enhancements, like multi-factor authentication updates and app safety features.

Learn to protect yourself online by becoming more cyber-aware. Schedule a ½ hour to take the https://security.ufl.edu/resources/training/information-security-training/ today.

Beware of Scam Texts and Phone Calls

Posted on May 12, 2022April 22, 2024

Have you received a strange text like this one (pictured)? Smish alert! Smishing and vishing are like phishing, except scammers use different devices to try and trick you into giving up personal information.

Smishing is done through text messages, while vishing happens through phone calls. Smishing attackers are also using instant messaging apps, like WhatsApp!, as well as LinkedIn and Facebook to reach new victims. What do they want? The same things that phishing scammers are after: personal information, account passwords, and your money. Often, scammers employ social engineering tactics by pretending to be someone you know or represent a familiar organization.

The best way to handle smishing and vishing attempts is simple: Delete the message or hang up! As an added measure, depending on your device and cellular provider, you may be able to block and report the sender. It only takes one click, call, or responding to one message to have your personal information stolen or credit card maxed out. And, if that stolen personal information leads to figuring out how to use your GatorLink credentials, then you, your friends, professors, and anyone else on the UF Network could be impacted.

If you are unsure about a communication purporting to be from a UF department–email, text, or phone call–you can always check with the UFIT Help Desk.