To: The Campus Community
From: Arlene Yetnikoff, Chief Information Security Officer
As we get near the end of the calendar year and into the hustle and bustle of the Holiday season, it's a good idea to keep in mind that cyber criminals are never on holiday and in fact, the holiday season usually sees an increase in cyber scams. The first line of defense against these traps is our own vigilance for new (and old) scams that are more prominent this time of year.
One starting goal of cyber criminals is to get a victim to communicate with them either through email, sms texts, social media or even over the phone. They want to initially get to be trusted and for potential victims to believe they are who they are pretending to be. Once this initial hurdle is crossed, the rest of the scam is far easier to execute.
Some things to keep in mind all year long and especially this time of year is to adjust your level of scrutiny on new messages up a few notches. Whether it's an email, a text or a phone call, cyber criminals are initially attempting to get you to believe they are your bank, or some well-known company many do business with – such as Amazon, Fedex, UPS, or the Geek Squad. They often accomplish this by presenting a fake order number, invoice, or some other piece of information that sounds legitimate and looks like other business communications.
This is where your extremely high scrutiny level will protect you. You ignore all the provided information and, especially, the links in the communication since they cannot necessarily be trusted. If you believe there is a chance the communication is legitimate, you'd pull up a browser and go directly to the company's website where you do business with them.
Other things to look for are misspellings in communications sent to you, especially in company names, subjects or email addresses, phone numbers that don't match what's on the vendor website.
Some of the new and old attacks we see
- Spoofed Order Receipt
- Fake Shipment Tracking
- Charity Contribution Scam
- Gift Card Scam
- Fake Holiday Promotions
- Boss or Grandboss needs your help
- Fake payroll direct deposit change request
If you come across such phishing scams, please report it to IMSS Information Security by sending a copy to [email protected].