Skip to content

Cybercrime victims lose millions each year. Do you

know how to protect your digital profile and devices?

Now more than ever, consumers spend increasing amounts of time on the internet — shopping, banking, connecting with family and friends, and handling medical and other personal records. More time online, however, comes with an increased risk of becoming the victim of a cybercrime.

Consider these statistics:

  • 64 percent of U.S. adults have noticed or been notified of a major data breach affecting their sensitive accounts or personal data
  • Consumers reported $905 million in total fraud losses in 2017
  • The U.S. business sector reported 571 data breaches in 2018 — the most ever recorded

#BeCyberSmart when sharing personal information online — whether on social media or other websites.

Here are some simple tips from the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cyber Security Alliance (NCSA), which co-lead National Cybersecurity Awareness Month (NCSAM), to connect with confidence and safely navigate the internet, as well as some resources from University Information Technology (UIT) to help you get started.

Double your login protection

Enable multi-factor authentication (MFA) to ensure that the only person who has access to your account is you. Use it for email, banking, social media, and any other service that requires logging in. If MFA is an option, enable it by using a trusted mobile device, such as your smartphone, an authenticator app, or a secure token — a small physical device that can hook onto your key ring.

Resources

Shake up your password protocol

According to National Institute for Standards and Technology (NIST) guidance, you should consider using the longest password or passphrase permissible. Get creative and customize your standard password for different sites. This can prevent cybercriminals from gaining access to these accounts and protect you in the event of a breach. Use password managers to generate and remember different, complex passwords for each of your accounts.

Resources

If you connect, you must protect

Whether it’s your computer, smartphone, gaming device, or other network devices, the best defense against viruses and malware is to update to the latest security software, web browser, and operating systems. Sign up for automatic updates, if you can, and protect your devices with antivirus software.

Resources

Play ‘hard to get’ with strangers

Cybercriminals use phishing tactics, hoping to fool their victims. If you’re unsure who an email is from — even if the details appear accurate — or if the email looks “phishy,” do not respond and do not click on any links or attachments found in the email. When available, use the “junk” or “block” option to no longer receive messages from a particular sender.

Resources

  • ISO's Beware of Phishing video (below) and Phishing 101 tip sheet are two great resources that will help you quickly familiarize yourself with phishing attacks.

A middle-aged white man (who we will call the "fisher" from now on) wearing a green fishing vest with many pockets walks through a grove of trees, holding a fishing pole and tackle box. He has short, light brown hair and scruffy facial hair, and wears a red, white, and blue flannel shirt and jeans. He sets the pole and tackle box on the ground and stretches his arms above his head. White text flies up, reading "phish•ing." More white text follows, reading:

"phish•ing /fi-SHiNG/"

"noun"

"Tricking a user into sharing personal information or login credentials by posing as an official source."

0:09: The video transitions to the fisher sitting at a desk with two computer monitors. The monitor on the left shows a document containing a pie chart; the monitor on the right shows a yacht on water. The man rubs his hands together and cracks his knuckles, then begins to type on his keyboard. Near his keyboard, under the monitors, he has Funko Pop statues and comic book figurines. 

0:13: The video transitions back to the fisher in the grove of trees. The video zooms in on the fisher's hands; he holds a small, metal box containing fishing lures. He selects a lure and attaches it to his fishing line. He then walks toward a red block U statue on the University of Utah campus.

0:23: The video moves to a shared work table, where a man and woman huddle over their Apple laptops. The white man has dark, short hair and wears a light-colored button-up shirt and khaki pants; the white woman has long, dark, wavy hair and wears a black dress. She holds a dark folder open in her lap. A woman sits adjacent to them, wearing headphones and using her Apple laptop. She has dark hair pulled into a bun and wears dark glasses and a light-colored hoodie.

0:25: The video transitions back to the fisher, who stands in front of the "Imagine U" side of Marriott Library, casting his fishing line toward the building. He walks through campus again, passing a set of stairs and multiple street lamps. He then casts his line toward a white female student passing by on the sidewalk, which is lined with trees full of leaves. The red block U is behind him on the left. The student — who is wearing a multicolored, short-sleeved shirt with chevron patterns, black pants, and a backpack — shies away.

0:35: The fisher continues casting his line in various places around campus. In one scene, he even pops out beyond a bush to startle a man passing by. The white man is wearing a blue button-down shirt with the sleeves rolled up and jeans. In another scene, the fisher casts his line toward a white male man who is walking his bike on the sidewalk. The cyclist has long light brown or blond hair, and wears red flannel, dark jeans, a red and white hat, and a backpack and carries a light-colored helmet. He ducks from the fishing line.

0:41: In the next scene, the fisher climbs a rock and looks out over the landscape. He then appears to reel in his fishing line, which is taut. Text fades in from the left, reading "You will never receive a threatening or intimidating email from any legitimate University source."

0:48: The video transitions to a man, whose face we cannot see, typing on a black laptop with a U drum and feather sticker and a white sticker in the shape of Alaska. He is wearing a white shirt with a dark graphic, Apple headphones, and a red and white braided bracelet. On the desk, there is a couple of notebooks, and red and blue pens. Light filters in behind him. Text fades in from the left, reading "Never share your uNID and password with anyone."

0:53: The video transitions to a black screen that shows icons and text on the common signs of phishing scams, including the "no" symbol and a tip that reads: "Common Phishing Scams." A pointer moves to reveal the following bullet points: 

  • "Unusual email language, poor spelling or grammar"
  • "The URL doesn't match webpage"

1:02: The video then moves to into an example of a webpage in the Safari browser. The URL reads "www.TAKEALLYOURMONEYANDRUN.org," and the page imitates a University of Utah login screen. A browser tab in the background reads, "Funny Cats — YouTube." The video zooms in on the URL, which is highlighted with a white overlay while the rest of the screen is darkened by a black overlay.

1:05: The video returns to the bullet point list of common phishing scams. The next item reads, "When hovering over link, it doesn't match the promised content."

1:08: The screen transitions to an email client, which shows an example of an email. Highlighted is a link that reads, "here" but shows a URL to "http://takeallyourmoneyandrun.org."

1:11: The video transitions into a library, where an Asian man sits at a desk with his hands on the keyboard of the laptop open in front of him. He is wearing a checkered button-down shirt with the sleeves pushed up and a pair of glasses. His hair is black and a bit long around the ears, forehead, and back of the neck. A backpack or messenger bag is on the table next to his laptop, and a chair is open to his left. In the background, light filters in from large windows and two stacks/shelves hold numerous books.

1:15: The video zooms in on the Asian man and his laptop. On the screen, text reads "Guard your uNID and password like your Social Security number." Then video transitions into a montage of shots of people using open laptops. The first image shows a desk with an open laptop, which has multiple windows open. White hands barely touch the edge of the keyboard. Text fades in that reads "Change your password often."  The second image shows a white man using the touch pad on his laptop to scroll. We only see his hands and the sleeves of his button-down shirt, which is white checkered with dark lines. The third image shows a white woman using a silver laptop. She faces us so we cannot see what is on the screen. She has long, brown hair and wears a dark T-shirt. To her right, another white person, who appears to be a woman, types on a laptop. This person is wearing a gray sweatshirt or hoodie. Text fades in that reads "Change your password and call the Campus Help Desk immediately." A phone number reading "801-581-4000" fades in.

1:25: The video transitions back to an outdoor space on campus with grass and trees. A man in a light blue-green shirt and dark pants walks left past our view. Another man, somewhat balding, walks right past our view. He wears a dark blue or black shirt with short sleeves and a collar, and jeans. The fisher is in the background, waving his fishing line.

1:29: The video returns to the fisher's desk, with a close-up on the Funko pop and comic book figurines. The figurines include Superman and a shark, but it's not clear which characters the others represent. The video zooms out so we can see the fisher sitting at the desk. He makes a fist with his right hand and pulls it downward in a motion that represents cha-ching, yes, score, gotcha, or a similar celebration. He throws his head back and laughs. 

1:32: The screen goes black. The University Information Technology (UIT) logo (white text with a red Block U) and white text reading "it.utah.edu/" fade in, with the word "security" added shortly after to the end of the URL so it reads "it.utah.edu/security."

1:37: The screen changes to a white background with a gray gradient at the bottom that shows a mirror image of the red and black Imagine U logo in the center of the screen.

Phishing is becoming more and more popular. 

We're talking about phishing with a "ph." Not the river-runs-through-it kind. 

It's about cyber scammers, con artists, and thieves. Every day they're baiting and hooking personal information and gutting bank accounts. It's happening all around the nation and right here at the U. 

Faculty, staff, and students are all vulnerable, and attacks are becoming more targeted. 

Because some university personal information is readily available, scammers are often using it, along with emotional responses, to get you to act. 

It's important to stay vigilant and know thieves are trying to land the big one. 

You will never receive a threatening or intimidating email from any legitimate university source. 

Don't take the bait. Never share your uNID and password with anyone. And look for the signs that are common in phishing scams. Things like:

  • unusual email language or spelling or grammar
  • the URL doesn't match the webpage
  • when hovering over a link, it doesn't match the promised content 

Here's what to do to stay protected:

  • Guard your uNID and password like your Social Security number
  • Change your passwords often
  • Lock your screens when not in use or when you leave your desk

If you've been hooked, call the Campus Help Desk (801-581-4000, option 1) immediately. 

Trust your gut. If it smells fishy, it probably is. 

For more information, visit it.utah.edu.

  • Send suspicious emails to phish@utah.edu. ISO's Security Assurance team will investigate the email in a safe environment and let you know the legitimacy of the email.
  • The 2019 NCSAM Phishing tip sheet explains how criminals lure you in and how you can avoid such scams.
  • Can you spot when you're being phished? Take Google's phishing quiz to find out.

Under-share and don’t tell

Limit the information you post on social media — from personal addresses to where you like to grab coffee. What many people don’t realize is that these seemingly random details are all criminals need to know to target you, your loved ones, and your physical belongings — online and in the physical world. Keep Social Security numbers, account numbers, and passwords private, as well as specific information about yourself, such as your full name, address, birthday, and even vacation plans. Disable location services that allow anyone to see where you are — and where you aren’t — at any given time.

Resource

Keep tabs on your apps

Most connected appliances, toys, and devices are supported by a mobile application. Your mobile device could be filled with suspicious apps running in the background or using default permissions you never realized you approved— gathering your personal information without your knowledge while also putting your identity and privacy at risk. Check your app permissions and use the “rule of least privilege” — the practice of limiting access rights for users to the bare minimum permissions they need to perform their work — to delete what you don’t need or no longer use. Learn to just say “no” to privilege requests that don’t make sense. Only download apps from trusted vendors and sources.

Stay protected while connected

Avoid connecting to any public wireless hotspot — like at an airport, hotel, or café. If you do use an unsecured public access point, practice good internet hygiene by avoiding sensitive activities (e.g., banking) that require passwords or credit cards. Only use sites that begin with “https://” when online shopping or banking.

When in doubt, use the U’s virtual private network (VPN) for secure internet access. Or if you’re visiting a partner institution, you can connect securely via eduroam

Resources

  • AnyConnect is the university’s preferred VPN client and can be downloaded through the OSL website (login required).

Don't forget about your IoT devices!

2019 NCSAM

YOUR DIGITAL PROFILE: OWN IT. SECURE IT. PROTECT IT.

DO YOU KNOW HOW TO PROTECT YOUR DIGITAL PROFILE AND DEVICES?

THE STRONGEST LINE OF DEFENSE AGAINST CYBERTHREATS

BUILDING A CULTURE AROUND CYBERSECURITY AT THE UNIVERSITY OF UTAH


ISO on Twitter

Last Updated: 10/11/24