As we approach the holidays, the Information Security Office (ISO) would like to remind the UT Arlington community to be aware of seasonal scams, phishing and malicious software (malware) distribution campaigns.
Every year, cyber criminals take advantage of the increase in online purchases and electronic seasonal greeting cards to trick victims into believing they’ve received packages or personal messages. They often use multiple methods to attract victims, such as posing as legitimate websites and/or using fraudulent emails that are crafted to look legitimate; they steal the logos, email or web templates of legitimate businesses *e.g. FedEx, DHL UPS, Amazon.com, etc.) in an effort to entice victims into clicking links or opening attachments.
These phishing and malware campaigns may come in the form of :
- Fake shipping/courier notifications.
- Electronic greeting cards or links to holiday screensavers or other forms of media.
- Request for charitable contributions that may appear to be for legitimate causes but originate from illegitimated sources claiming to be charities.
- Credit card or gift card applications or enticing discounts in online shopping advertisements that lead to websites you’re unfamiliar with.
In addition, be aware of social engineers who may call you on your personal or work phone using a themed pretext (holiday offers, package pickup, etc.).
Don’t be a victim! The ISO advises caution when you encounter these types of email messages or websites by:
- Looking for tell-tale signs that a website or email is not legitimate:
………….– The senders address or website address does not match the organization listed in the content of the message.
………… – The grammar in the message or website is poor.
………… – Format of the email or website is poor or inconsistent with what you’re used to seeing from the organization.
………… – Hovering over the links with your mouse reveals web address inconsistent with the content of the message.
- Never clicking on links in emails that you’re not expecting.
- Never opening attachments in emails that you’re not expecting.
- Never providing your personal information in an email or on a website unless you are completely sure.
The United States Computer Emergency Readiness Team encourages users and administrators to use caution when encountering these types of email messages and take the following preventative measures to protect themselves from phishing scams and malware campaigns:
- Refer to the Shopping Safely Online Cyber Security Tip for more information on online shopping safety.
- Do not follow unsolicited web links in email messages.
- Use caution when opening email attachments. Refer to the Using Caution with Email Attachments Cyber Security Tip for more information on safely handling email attachments.
- Maintain up-to-date antivirus software.
- Review the Federal Trade Commission’s Charity Checklist.
- Verify charity authenticity through a trusted contact number. Trusted contact information can be found on the Better Business Bureau’s National Charity Report Index.
- Refer to the Recognizing and Avoiding Email Scams document (pdf) for more information on avoiding email scams.
- Refer to the Avoiding Social Engineering and Phishing Attacks Cyber Security Tip for more information on social engineering attacks.
- Refer to the Holiday Traveling with Personal Internet-Enabled Devices Cyber Security Tip for more information on protecting personal mobile devices while traveling over the holidays.