Cyber criminals have increased their ransomware attacks and email-based scams against universities, and the UCF Information Security Office continues to see a rise in reported gift card scams. Both threats are generally delivered via phishing emails and InfoSec wants to remind you to stay alert. By staying aware of these scam messages and reporting them, you’re protecting yourself, your coworkers and the university.
Ransomware attacks
Within the last few weeks, we have seen three universities fall victim to ransomware attacks. The attackers steal sensitive data, prevent the university from accessing their systems, and threaten to release the stolen data if the university does not pay the ransom demand.
You can help protect yourself and UCF by staying alert for phishing emails. Be suspicious of any email that:
- claims to offer late-breaking COVID-19 information;
- asks you to download an attachment or click a link to get updates on recent events, such as COVID-19, financial stimulus payments, or protests in your area;
- prompts you to provide your UCF network credentials to access an important message.
Gift card scams
Scammers continue to send emails impersonating supervisors at UCF. In some situations, the scammer will request your phone number to receive a text message. If you respond, the scammer will ask you to purchase gift cards for a special event. Remember, an unexpected email may be a gift card scam if:
- it asks you for your available text number;
- it prompts you with questions such as, “are you available?” or “are you free now?”;
- the sender’s email address ends in @gmail, @yahoo, or anything other than @ucf.edu;
- the sender claims to be in a meeting and unable to take calls;
- it asks you to purchase gift cards for a special event or office surprise;
- it asks for a money transfer using mobile applications such as Zelle, Venmo, etc.
UCF InfoSec recommends not responding to such emails. Engaging with the scammers carries several risks:
- providing your cell phone number may lead to phishing text messages (known as smishing);
- the scammers will know your email address is valid and active, and you may receive more phishing emails as a result;
- sharing sensitive information may lead to identity theft or financial loss;
- the fake email address may be added to your suggested contacts list in Outlook, which could result in accidental data disclosure if you’re not careful when composing future messages.
For more information about gift card scams, please see our website: https://infosec.ucf.edu/awareness/phishing/gift-card-scam/ .
Report suspicious emails to the Security Incident Response Team by using the Phish Alert button: https://infosec.ucf.edu/awareness/phish-alert-button/ .
Please visit the Information Security Office website at https://infosec.ucf.edu or contact us at infosec@ucf.edu if you have any questions.
Thank you for your continued vigilance against cyber attacks!
UCF Information Security Office
infosec@ucf.edu
https://infosec.ucf.edu