How to not get scammed in your UNF email; UNF IT Security explains phishing emails
September 25, 2020
Do you like fishing? Well, phishing is kind of similar, but while you won’t catch a monster bass, someone could catch your Instagram password.
Scam emails are really annoying, and unfortunately our UNF email isn’t immune to fraud. However, UNF IT Security has a lot in store to help students and employees avoid becoming victims of cyber-attacks.
Spinnaker held an interview with UNF Assistant Director of IT Security, Jeffery Gouge, in which he explained that people sometimes impersonate him and send emails to UNF leaders, such as President Szymanski, the UNF Vice President, the Provost, and Athletic Directors, in hopes of gaining access to credentials or sensitive information.
Phishing emails are a “cybercrime” and an attempt to gain someone’s sensitive information, like passwords and bank card details, to access important accounts, according to Phishing.com.
Phishing emails could include personal or company information which can make you think that they are real emails. Victims of the fraud could face identity theft and financial loss.
“Sometimes just clicking on a link in an email that you think is good, but is not, could get your machine taken over,” Gouge explained. “All of a sudden they don’t need to steal your password — they can just watch every keystroke you make with a keylogger software or some other type of malware that sends them the screen in which they can watch everything you’re doing.”
The email above is an example of a phishing scam that uses an outside email address, one that doesn’t end in “unf.edu.” There are grammar errors, and the writer is urging you to click the link. These are some characteristics of a scam.
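The red flags described above (an outside sender address, a staff member's name on mail from outside, and pressure to click) can be checked mechanically. The sketch below is an added example, not part of the original story or any UNF tooling; the staff watch list, the urgency phrases, and both sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "unf.edu"            # the domain named in the article
STAFF_NAMES = {"jeffery gouge"}   # assumed watch list of impersonated staff
URGENT = ("urgent", "immediately", "click here", "verify your account")  # assumed

def is_org_address(addr, org=ORG_DOMAIN):
    """True only for the org domain or a real subdomain of it.
    A plain "ends in unf.edu" string test would also accept notunf.edu."""
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    return domain == org or domain.endswith("." + org)

def red_flags(raw):
    """Return the visible red flags found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    flags = []
    if not is_org_address(addr):
        flags.append("external-sender")
        # A known staff name on an outside address suggests impersonation.
        if name.strip().lower() in STAFF_NAMES:
            flags.append("staff-name-from-external-address")
    body = " ".join(
        part.get_payload(decode=True).decode(errors="replace")
        for part in msg.walk() if part.get_content_maintype() == "text")
    text = (msg.get("Subject", "") + " " + body).lower()
    if any(phrase in text for phrase in URGENT):
        flags.append("urgent-click-language")
    return flags

# Constructed sample messages, not real mail.
PHISH = (
    'From: "Jeffery Gouge" <jgouge@unf.edu.example.com>\n'
    "Subject: Urgent: mailbox suspended\n"
    "\n"
    "Your mailbox are full. Click here immediately to verify your account.\n"
)
LEGIT = (
    "From: IT Help Desk <helpdesk@unf.edu>\n"
    "Subject: Printer maintenance Friday\n"
    "\n"
    "The library printers will be offline on Friday for maintenance.\n"
)

if __name__ == "__main__":
    print(red_flags(PHISH))
    print(red_flags(LEGIT))
```

The From header is not authenticated, so an empty result is not proof that a message is legitimate; it only means none of these visible characteristics were found.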
Simulated phishing tests are sent to students’ email addresses periodically. The software that UNF uses for the tests, KnowBe4, has somewhere around 4,000 different templates of fake email tests. If you have clicked on the link, not knowing it was a test, you may have been met with “Oops! You clicked on a simulated phishing test,” and three rules:
- “Always stop, look, and think before you click!”
- “Check for red flags that indicate a phishing attack is happening.”
- “Verify suspicious emails with the sender through a different medium.”
You may also be asked to complete a security awareness training course.
“To combat phishing, we have a lot of things in place,” Gouge said. “The best defense against phishing is training. […] For students that are employees, we actually use training to help, and use live simulated tests of phishing every month. We work to reduce the amount of times that people click the simulated link. When we first did a test, well over 25% of our users would click and type in their credentials to links on email. One out of four people is pretty high - kind of a scary number.”
Another test was performed, around this time last year, and resulted in about a 14% fail rate.
“So, it got a little better,” Gouge said. “We have a reducing scale, at least on the employee side. We went from 25% to 14%, then all the way down to 8%. So, we’re working our way down, and it’s just about training over time.”
Some phishing emails have already been identified as phishing somewhere else, and Microsoft has gone through and blocked them for us.
“If an email’s marked bad at FSU and we haven’t gotten it yet, and Microsoft found out it was bad, it wouldn’t even make it to our mailboxes,” Gouge said.
There are various systems in place that help prevent phishing scams. The University has a Next Generation Firewall that blocks a lot of things coming in by itself. They also have cloud protections like Email Advanced Threat Protection (ATP).
UNF IT Services has a lot of tips on its website that can help you avoid being scammed.
Make sure you don’t reply to emails asking for personal information. If you think you’ve been scammed, you can file a complaint with the Federal Trade Commission (FTC), then go to the FTC’s Identity Theft website.
UNF urges student employees to report suspicious emails to their supervisor or IT team. You can also report phishing emails directly to Microsoft via the Outlook Phish Alert Add-in, which helps ensure that you and other users of Microsoft receive fewer phishing emails.
If you see something fishy, like the infamous “Nigerian Prince” asking for your bank account, don’t be afraid to report it.
“There are many ways that internet criminals will try to scam you. Stay alert—YOU are the last line of defense!” – KnowBe4