Are you being phished?

Over the past year, Information Security has performed various phishing tests to gauge the security awareness of the workforce within the University and further educate the University community to be vigilant when interacting with emails. It is crucial to be wary of official-looking messages attempting to bait you into disclosing information. Phishing messages can appear to come from well-known applications, banks, organizations, stores, and contests, but there are several ways to identify emails as phishing attempts. University IT has put together tips using real-life phishing examples that can be found here. If you suspect an email looks “phishy,” do not respond or click any links or attachments. Report suspicious activity immediately to abuse@ rochester.edu; instructions on forwarding emails are available here. Have security questions? Information Security will be holding its next Ask Security Anything session on April 18. Visit the ASA web page for more information.


What To Know About Crypto Scams

Malicious actors are taking to social media platforms to entice users into their crypto schemes. Most popular are investment scams promising zero risk and a high rate of return. These typically start as “out of the blue” texts or emails. Remember, don’t click on any links or ads even if you’re curious or if it is coming from a company you know. If a business or person asks you to pay via crypto, that’s a scam!

Cryptocurrency scams don’t just live within social media. The Federal Trade Commission (FTC) provides insight to all you need to know about Cryptocurrency, how it works, and the scams that come with it.

Join us on April 18th for our next Ask Security Anything session on Social Networking. Participants will have the opportunity to win a $25 Amazon gift card. Visit Information Security’s ASA page for future topics.


Answering fun questions on social media puts your identity in jeopardy

Social media is a common distraction many people use to pass the time, however, University IT warns you may be giving away more personal information than you realize. Social media quizzes that ask you to “combine your first pet’s name and the street you grew up on to formulate your new nickname” are an opportunity for scammers to take your answer and use “Mittens Mt. Hope” to circumvent password security questions. Even worse, they could look at your profile and cross-reference any public-facing information you’re sharing to help steal your identity. The Better Business Bureau offers some tips to avoid social media scams.


You can’t always trust your ‘friends’

Per University IT, there has been a recent uptick of social media posts, direct messages, or comments within a post using cryptic statements to bait you into clicking a link (hence the name, clickbait). You may see a friend has tagged you or others with messages like, “I’m really going to miss him” (with several broken heart emojis) followed by an obituary link, which may spark your eagerness to know who it is and if you know this person as well. Don’t take the bait! Chances are your friend was hacked through this same tactic. These fake links will most likely take you to a page prompting you to sign in to your social media account as if you’re not already logged in. This is all an attempt to steal your credentials and take over your account. The BBB provides additional insight into this scam and how to protect yourself.