Staying safe online: A message from UIC’s Security Team
Dear faculty and staff,
Helping the UIC community stay safe online is one of our priorities at Technology Solutions. While our Security Team works hard behind the scenes to minimize threats, cybercriminals find new sophisticated and believable ways to trick you, particularly through email and text messages.
In honor of Cybersecurity Awareness Month, we wanted to remind you of the common scams targeting UIC faculty and staff:
- Duo 2-Factor Authentication scam
Scammers will send you Duo 2FA prompts using your leaked or compromised password with the hopes to annoy or trick you into accepting the request. If you receive unsolicited Duo 2FA authentication requests, DO NOT authenticate them. Immediately change your password to protect your account and “Deny” the authentication requests. - Email scams (phishing)
Phishing emails are fraudulent emails that try to trick the recipient into entering login credentials on a fake website, opening an attachment or duping you into sharing other sensitive information. These emails can be hard to detect but common scams are:- Password notifications – False emails claiming you requested a password change and prompt you to log in immediately to cancel the request.
- Voicemail messages – Scammers try to trick you into opening an audio attachment or logging into a fake website claiming you have an urgent voicemail so that they can steal your password or trick you into opening a malicious file.
- Receipts and invoices – Scammers posing as popular online retailers, such as Amazon, send emails with a fake receipt or invoice attachment and urge you to review or take action to cancel the order.
- Shipping notifications – Be aware of emails impersonating shipping companies with fake delivery notifications or shipping status alerts similar to receipt and invoice scams.
- Gift card scam
Scammers will pose as university leaders within your own department and send you an urgent request to purchase gift cards. They will often ask that you send photos of the gift cards to a personal email account or via text message. Always verify urgent requests directly using another method, such as a phone call, before taking action. Be wary; oftentimes, the scammer will say that they are at an important meeting and unable to respond if you attempt to contact them directly.
Criminals are crafty and look for new opportunities to steal information or assets. To learn about other scams, safety tips and to see the 2022 student cybersecurity awareness campaign, visit the Cybersecurity Awareness Month webpage.
Mandatory security training (coming soon)
The Technology Solutions Security Team will be administering mandatory comprehensive security training conducted by KnowBe4, a leader in security awareness training.
University policy requires all faculty and staff to complete information security awareness training biennially. More details on the biennial training will be sent in the coming weeks.
The Technology Solutions Security Team is committed to keeping the UIC community safe from cyberattacks and hopes to raise awareness and emphasize the importance of recognizing malicious email and other potential security events.
Please contact security@uic.edu with any questions.
Regards,
Jason Maslanka
Chief Technology Officer
Interim Chief Information Security Officer
For more information, please contact:
Jason Maslanka
jasonm@uic.edu
Categories