As we approach the holidays, the Information Security Office (ISO) would like to remind the UT Arlington community to be aware of seasonal scams, phishing and malicious software (malware) distribution campaigns.
Every year, cyber criminals take advantage of the uptick in online purchases and electronic seasonal greeting cards to trick victims into believing they’ve received packages or personal messages. They often use multiple methods to attract victims, such as posing as legitimate websites and/or using fraudulent emails that are crafted to look legitimate; they steal the logos, email or web templates of legitimate businesses (e.g. FedEx, DHL, UPS, Amazon.com, etc.) in an effort to entice victims into clicking links or opening attachments.
These phishing and malware campaigns may come in the form of:
- Fake shipping/courier notifications.
- Electronic greeting cards or links to holiday screensavers or other forms of media.
- Requests for charitable contributions that may appear to be for legitimate causes but originate from illegitimate sources claiming to be charities.
- Credit card or gift card applications or enticing discounts in online shopping advertisements that lead to websites you’re unfamiliar.
In addition be aware of social engineers who may call you on your personal or work phone using a themed pretext (holiday offers, package pickup, etc).
Don’t be a victim! The ISO advises caution when you encounter these types of email messages or websites by:
- Looking for tell-tale signs that a website or email is not legitimate:
- The senders address or website address does not match the organization listed in the content of the message.
- The grammar in the message or website is poor.
- Format of the email or website is poor or inconsistent with what you’re used to seeing from the organization.
- Hovering over the links with your mouse reveals web address inconsistent with the content of the message.
- Never clicking on links in emails that you’re not expecting.
- Never opening attachments in emails that you’re not expecting.
- Never providing your personal information in an email or on a website unless you are completely sure.
For additional security tips for Shopping Safely Online, visit the United States Computer Emergency Readiness Team site at http://www.us-cert.gov/ncas/tips/st07-001.
If you do receive any suspicious email messages, please contact the security office at firstname.lastname@example.org or 2-5487.