Welcome back, or, for those new to the College, welcome aboard! As you start this new academic year you’ll be receiving a myriad of new emails from the University, College, and Department containing new or updated information. Intermingled with the official email will be official-looking email trying to trick you into revealing private information. These scam messages, commonly known as phishing, are extremely common due UF’s massive amount of data. Help safeguard this data by being aware and recognizing a phish rather than being tricked by it:

1. Spot the Phish – Even though phishing attacks appear to come from a familiar person, group, or business, they can be spotted because they typically contain an implied threat (loosing access to an account or being liable for a bill). There are many other ways to identify these attacks discussed in “Phishing… Again!” (https://www.it.eng.ufl.edu/2017/02/phishing-again/) or at the “Identity Theft and Scams” page (https://security.ufl.edu/learn-information-security/protect-yourself/email/id-theft-scams/phishing-email/) maintained by the UF’s Information Security & Compliance Office. Additionally, UFIT offers a fun, interactive training about defending yourself in today’s digital world called CYBERSECURITY@UF (https://training.it.ufl.edu/training/items/cyber-security–uf-.html (no longer available)).
2. Protect Yourself – Two-factor authentication, 2FA, strengthens access security by requiring two login methods, something you known (your password) and something you have (a security token), to verify your identity. UF’s 2FA system uses your cell phone, your desk phone, or a unique key fob as your security token. When 2FA is enabled, if your password is ever compromised your login is usually still safe because the bad-guy doesn’t have access to your second factor. UF’s 2FA is currently opt-in and available for self-enrollment. More information about it can be found at https://it.ufl.edu/2fa/.
3. Check the IT Alerts Portal – When phishing attacks are caught at UF they are typically posted on the UF IT Alerts Portal (https://alerts.it.ufl.edu/). At the time this message was sent, the UF IT Alerts Portal had 8 email scams reported. So, checking the portal yourself can be easy confirmation that a message you received is not legitimate.
4. Alert UF IT – When in doubt, forward the email to the UF IT Security Office (https://security.ufl.edu/learn-information-security/protect-yourself/email/reporting-email-abuse-at-uf/) (it is also a good idea to attach the message as an EML document which includes full message headers). The UF IT Security Office can respond quicker and in more effective ways if you are able to provide full headers, but reports without them are still valuable. If you accidently fall victim to a phishing attack, immediately reset your Gatorlink password and call the UF Help Desk (352-392-HELP (4357)) for further instructions.

This year UF IT Security has provided a summary of available security resources at https://security.ufl.edu/resources. Additionally, you can always reach out to your local IT support office with any questions or comments.

References

High Volume of Phishing Attacks at UF: https://news.it.ufl.edu/security/high-volume-of-phishing-attacks-at-uf/ (UFIT News article expired and was removed October 2022)
Protecting Yourself – Email: https://security.ufl.edu/learn-information-security/protect-yourself/email/
Two-Factor Authentication: https://it.ufl.edu/2fa/
Cyber Security@UF Training: https://training.it.ufl.edu/training/items/cyber-security–uf-.html (link is no longer valid)
Cyber Safeguards for Restricted Data: https://training.it.ufl.edu/training/items/cyber-safeguards-for-restricted-data.html
IT Alerts Dashboard: https://alerts.it.ufl.edu/
Phishing… Again!: https://www.it.eng.ufl.edu/2017/02/phishing-again/
Additional Safeguards for UF Email: TAP: https://www.it.eng.ufl.edu/2017/09/additional-safeguards-for-uf-email-tap/
TAP URL Decoder (provided by IFAS): https://itsa.ifas.ufl.edu/email/proofpoint.shtml