
Cyber Threats
Higher education is a prime target of cybercriminals. Vast amounts of valuable data, including personal information, intellectual property, and financial details, make universities vulnerable to cybercrime. According to “Cyber Attack Trends: 2022 Mid-Year Report”, attacks against higher education increased 114% between 2020 and 2022. Therefore, it is critical for all of us to integrate cybersecurity awareness into our daily routine. Below are some guidelines to follow in an effort to keep UAH and your information cyber secure.
Keep Your Phish Hooks Sharp
Phishing is one of the most pervasive and detrimental cyber threats impacting universities. Phishing emails may appear to come from university IT departments, faculty members, or even classmates. Links to fake websites are often included which, when clicked, install malware or steal users’ information.
Ways to recognize phishing attempts:
- Sense of urgency or threat
- Sender is not legitimate. Pay close attention if [External] is at the beginning of the subject line.
- Spoofed links directing you to an invalid URL. Hover over the URL without clicking to see where a link may take you.
- Grammar and spelling errors
- Requests for sensitive information
- Unrealistic discounts, exclusive offers, or prizes
What to do after receiving a suspicious email:
- Do NOT click on any links!
- Do NOT respond to the email.
- In Gmail, you can click the “Report phishing” button.
- For additional help, you may forward the email to the OIT Help Desk at helpdesk@uah.edu
- Delete the email to prevent accidentally clicking links within it at a later date.
Take a ‘Byte’ Out of Malware
Malware (“malicious software”) is any software created to disrupt, damage, or gain unauthorized access to a computer system. Recent studies have shown a 50% increase in malware attacks within universities in the last year. Such strikes often involve phishing emails, ransomware, and strategies to steal user credentials.
Tips to avoid malware:
- Practice safe browsing habits by avoiding suspicious links and pop ups.
- Use good email hygiene! As mentioned previously, do not open attachments or click links in suspicious emails.
- Use strong, unique passwords.
- Consider using multi-factor authentication.
- Keep operating systems and applications updated.
- Use antivirus and anti-malware software.
Social Engineering (NOT a UAH Degree!)
Social engineering, within information security, is the manipulation and deception of individuals into divulging confidential or personal information that may be used for fraudulent purposes. Social engineers often exploit trust and urgency to achieve their mission.
Common examples targeting universities:
- Fake Job Scams - This scam often targets students and recent graduates. Scammers advertise for fake jobs in emails, on job sites, and on social media. They might even mail you a check to deposit and then tell you to send money to another account. Do NOT deposit the check. It is FAKE. Do NOT send the money they requested.
- Tech Support Scams - A scammer pretends to be an IT support technician, with the goal of tricking the victim into revealing sensitive information and/or giving the scammer access to their computer. OIT will never ask for your password or your Duo MFA from your app.
- Pay-for-Training Schemes - This scam requires payment for training before being hired. Legitimate employers usually cover training costs.
- Fake Recruiters - Scammers impersonate recruiters from known companies and ask for sensitive information or request payment for a background check.
RED FLAGS to watch for:
- As applies to all phishing emails, notice unprofessional communication. Poor grammar, spelling errors, or unprofessional email addresses can be indicators of a scam.
- Take note of vague job descriptions. Valid job postings usually define a clear role.
- Be suspicious if there are offers that are just too good to be true.
- Be cautious if sensitive information is requested.
In today’s interconnected world, cyber awareness is critical and a shared responsibility. Understanding the strategies used by cybercriminals and recognizing the signs of potential threats is essential in protecting our digital landscape and keeping UAH #ChargerSecure.