IT security tip: Think before you click
The number of universities and hospitals impacted by ransomware continues to increase rapidly. Why? Criminals use phishing as a primary entry point to deploy ransomware.
For all members of the University of Utah community: Think before you click!
In most instances of phishing, the goal of the criminal(s) is to steal something from you or the organization you work for. In any email, especially those with a link or an attachment, watch for:
- Demands or insistence that you take immediate action.
- Possibly with implied or explicit consequences if you do not.
- Example: "Reset your password now or your access will be terminated."
- A deal that is too good to be true.
- Possibly with implied or explicit consequences if you do not.
- Unfamiliar greetings from people you know.
- An email from a friend has a greeting that is too formal or vague.
- Errors in the email address.
- Different characters in the username and domain (e.g., utah.edu) than what you expect.
- Example: “jane.smith@0utlook.com” uses a zero instead of an O for Outlook.
- Different characters in the username and domain (e.g., utah.edu) than what you expect.
- Unexpected or unrequested attachments.
-
- Example: "Your updated W4.pdf" arrives as an attachment.
-
- An email that requests your sensitive information.
-
- Example: "Two iPhone 14 Pro Max phones were purchased on your credit card. Please respond to this message with your credit card number if you did not authorize this purchase. Please include your full name, DOB, SSN, and Driver's License number to confirm your identity."
-
Take a couple of extra seconds to evaluate an email when you notice these kinds of warning signs. You can access real samples of phishes that your colleagues or classmates have encountered by checking out the Information Security Office’s Phish Tank.
If at any time you think you have been sent a phish, don't hesitate to use the Phish Alert button or forward the message as an attachment to phish@utah.edu. If you mistakenly select a link or open an unexpected attachment, immediately call the IT Security Operations Center at 801-587-1925. They are here to help you!
Node 4
Our monthly newsletter includes news from UIT and other campus/ University of Utah Health IT organizations, features about UIT employees, IT governance news, and various announcements and updates.