An Osprey Update was sent out on Aug. 22 warning students of a phishing email scam that has targeted Florida public university students. According to the email, attackers are targeting students’ banking account information and are using directed attacks in the form of phishing emails and fake websites. The information they want from students are login credentials.

“The attackers then use that login to redirect financial reimbursements by changing where direct deposits go,” the statement said. “These types of phishing emails don’t appear to be taking place at UNF but have taken place at Florida Gulf Coast University. The rise in these attacks roughly corresponds with the timing of the start of the fall semester as well as the disbursement of funds from aid and other grants.”

The University encourages students to follow security best practices when dealing with sensitive information and to use the following guidelines:

• You should never give out your username or password for any accounts you have, including bank accounts, credit card accounts and other personal or University accounts. UNF will never contact you using a return email address that isn’t @unf.edu. If you receive a questionable email or an email asking for passwords and login information, don’t respond. No reputable organization should ever ask for your login and password. If someone at the University does, this should be reported to IT Security immediately.
• Don’t send sensitive information via email. Email is an insecure communications method, similar to sending a postcard in the mail. Consider contacting the organization by phone. Be careful of using phone numbers from email that is trying to solicit sensitive information from you—these could direct you to a fake call center, where you will be asked to divulge your information.
• Use multi-factor authentication (using two or more forms of evidence to login to your account, such as logging into a website and getting prompted to enter a code sent to your mobile device). Not all services offer this but use it where available, as it will provide an extra layer of protection, if your credentials are compromised.

—
For more information or news tips, or if you see an error in this story or have any compliments or concerns, contact [email protected].