An amazing and exuberant “Welcome back!” to many of our undergraduates and new cohorts of our professional degrees! The campuses are alive with energy, and your UIS team is working hard to keep student learning and patient care as smooth as possible. This newsletter will focus on phishing, which sadly is happening more and more, so please read on to be safe and protected from scammers! UIS team is just a phone, email, or Zoom connection away!
Thank you and go Boxers!
Brandon Gatke
CIO / CISO
Report Phishing Messages
If you receive a message you know to be phishing (a scam message) or spam (any unsolicited commercial email), please mark it as spam in the Boxer Mail web interface, via the octagon-with-exclamation mark icon above the message. Doing so places it in your Spam folder and helps Google recognize these messages as unwanted. On the other hand, if you’re not sure if a message is a scam, please contact the Helpdesk (by phone, by Zoom or via the ”Inquire About a Suspicious Email” form in the Services Portal). You can also check with the Pacific department that supposedly sent the message. If you’re not sure about a message, then it may be convincing enough for others to fall for it, and reporting it helps UIS take early action to protect everyone.
Google Drive Scams
A recent trend in phishing attacks has been Google Drive sharing scams. In these scams, scammers will share a Google Doc with you, or even just name you in a comment on a Google Doc, which then causes Google to email you to let you know about the share or comment. The Docs or comments will contain links to malicious webpages, including those that try to steal your username and password. To protect yourself from these scams, look for a yellow bar in the email you receive from Google warning you that “[the sender] is outside your organization.” (Note that Outlook does not show this bar.) Don’t open docs sent to you that you weren’t expecting until you check with the university department that supposedly sent them, or check with the Helpdesk as described above.
Beware Unsolicited Duo Pushes
For most of us, approving Duo pushes on the Duo Mobile app has become a matter of habit. However, it is important that you deny any pushes that you aren’t certain that you made. If hackers are able to get a hold of your username and password, their next step is to send you an unsolicited Duo push in hopes that you will approve it and let them into your account. If you get a Duo push that you don’t remember making, please contact the Helpdesk by phone or Zoom right away so we can check the status of your account.
Protecting Students and Coworkers From Phishing
You can help protect your students and coworkers from phishing scams by giving them a heads-up about the types of emails you will be sending them. If you will be sharing Google Docs or Box files with someone, let them know ahead of time. Advance notice is especially useful if you’re asking someone to go to a website that they don’t normally visit. That way, if someone gets an email claiming to be from you or shared by you that asks them to do something unusual, and you haven’t mentioned this to them previously, they will know to seek verification.
Learn More About Avoiding Scams
If you want to learn more about protecting the student and patient data under our care from scammers, an Introduction to Phishing Awareness and Prevention course is available on demand in the university's BlueVolt training system.