CIO'S MESSAGE - October 20, 2020

National Cybersecurity Awareness Month - Phishing Awareness Tips

Dear Students and Colleagues,

We’re observing Week 3 of October’s Cybersecurity Awareness Month.  “Do Your Part.  #BeCyberSmart.”

This week’s topic reminds us to always be on the lookout for email phishing scams.  Phishing is the most common way attackers steal information or access systems illegally.  Every one of us is a target, but there are basic measures we can take to minimize our risk and avoid being a victim. 


Phishing email messages are designed to trick you into doing one of these things: 

  • Clicking an unsafe link
  • Opening an unsafe file
  • Typing in your login credentials
  • Transferring money
  • Revealing your personal information


Phishing email messages are designed to make you react quickly without thinking too much.  Once you are aware of the phishing tactics, attempted attacks should be easier to spot.  Below are a few common phishing scenarios and what you should do to protect yourself.

  • Phishing Scenario: Urgent or threatening email that threatens to deactivate an account and requires you to update your account information right away
    What You Should Do: Verify the situation with your bank or the company before taking action or giving out any personal information.

  • Phishing Scenario: Unsolicited fake job offer that asks you to deposit a check before you even get the job
    What You Should Do: Verify before responding.  These job offers are part of a money laundering scheme whose only intent is to steal your personal information to commit fraud.

  • Phishing Scenario: Offers of free money, contest winnings, or fake rewards
    What You Should Do: Ignore and delete immediately, as these email scams require you to click on a link to enter your personal information.

  • Phishing Scenario: “Hey, are you available” or “Are you at your desk” emails; the attacker impersonates your manager and asks you to buy gift cards or pay an invoice
    What You Should Do: Contact your manager via their University email or a phone call to verify the legitimacy of the request before taking any action.  Do not proceed without verified proof that it is a legitimate request.

  • Phishing Scenario: Odd requests for confirmation and approval
    What You Should Do: Whether these odd requests appear in your email or as text messages on your mobile phone, if you were not expecting the request, ignore or delete it.

  • Phishing Scenario: Fake crisis, sensational news, or Coronavirus-themed notices
    What You Should Do: Take time to verify the organization’s official website and fight the urge to comply with crisis-related requests in stressful times.

What can you do when you receive a phishing email?

What to do if you become a victim of phishing?

  • Change your password right away
  • Contact alert@csulb.edu 
  • Delete the email
  • File a complaint with the FBI’s Internet Crime Complaint Center (if you suffer a financial loss or if your identity was stolen) 

Remember to “Do Your Part. #BeCyberSmart.” 

Additional Resources

Next week, we will cover the topic of “Staying Safe Online.”
Previous Week 2 message: If you connect it, protect it.  

Cuc Du
Information Security Officer