Information Security

Phishing and Phishing and Phishing



Cybercriminals know the best strategy for gaining access to the university’s sensitive data: social engineering. They simply manipulate your trust by posing as something or someone you trust. According to experts at IBM, human error accounts for 95% of security incidents. Protect your data by familiarizing yourself with the various techniques and telltale signs of social engineering attacks.

DO THESE THINGS TO PROTECT YOUR DATA

  • Do use caution with all communication delivery methods.
    Phishing isn’t limited to just email! Cybercriminals launch phishing attacks through phone calls, text messages, or other online messaging applications. Don’t know the sender or caller? Does it seem too good to be true? It’s probably a phishing attack. Let your voicemail take the message, listen to it, and decide whether it warrants a call-back.
  • Do watch carefully for subtle signs of phishing.
    Does the email contain a vague salutation, spelling or grammatical errors, an urgent request, or an offer that seems impossibly good? Click that delete button.
  • Do verify the sender.
    Check the sender’s email address to make sure it’s legitimate. If it appears that the OIT HelpDesk is asking you to click on a link to increase your mailbox quota, but the sender is UniversityHelpDesk@yahoo.com, it is a phishing message. However, compromised university accounts do occur. Err on the side of caution and call or contact the sender directly to verify the context of the message if something seems out of the norm.

DON’T DO THESE THINGS TO KEEP YOUR DATA SAFE

  • Don’t be duped by aesthetics.
    Phishing emails often contain convincing logos, links to actual company websites, legitimate phone numbers, and email signatures of current employees. Exercise caution if you receive a message urging you to take action to send sensitive information, click on a link, or download an attachment. Don’t hesitate to contact the company directly; they can verify legitimacy and may be unaware that their name is being used for fraud.
  • Don’t share your university NETID password.
    Did we say never? Yup, and we mean never. Your password is the key to your identity, your data, and your classmates’ and colleagues’ data. Your UT password is for your eyes only; OIT will never ask you for your password. Don’t write it down and paste it on your monitor or workspace! Not only are you violating a UT Policy, but you’re also putting the university and its data at risk.
  • Don’t open links and attachments from unknown senders.
    Get into the habit of typing known URLs into your browser. Don’t open an attachment unless you’re expecting a file from someone. Give the person a call to verify the email if you’re suspicious. Let’s say you receive an email claiming to be from someone you know — a friend, colleague, or even the UT Chancellor or UT President. Cybercriminals often spoof addresses to convince you it’s from a trusted source, requesting that you perform an action such as transferring funds or providing sensitive information. If something seems off about the email, call the person at a known number listed in the official UT directory to confirm the request.
  • Don’t talk to strangers!
    Receive a call from someone you don’t know? Are they asking you to provide information or making odd requests? Hang up the phone and report it to the OIT HelpDesk at (865) 974-9900.
  • Don’t be tempted by abandoned flash drives.
    Cybercriminals may leave flash drives lying around for a victim to pick up, insert, and unknowingly install malware on their computer. If you feel tempted to insert a flash drive to identify the rightful owner, be wary — it could be a trap.
  • Don’t approve a 2FA push if you don’t recall initiating one.
    Don’t be lulled into the 2FA push mentality where you mindlessly click “Approve” on your Duo app, even though you weren’t logging into anything. The bad actor already has your password, and they just used it to initiate a PUSH. By mindlessly approving the PUSH, you remove the chain from the door and invite them into your world.

SEE SOMETHING SUSPICIOUS? SAY SOMETHING!

Say something to your departmental IT staff or call the OIT HelpDesk! If you notice someone suspicious walking around or “tailgating” someone else, especially in or around an off-limits area, call the UT Police Department. If you receive a PUSH to your Duo App that you didn’t initiate, contact the OIT HelpDesk and let us know.