Personal information is like money — you should value it and protect it. That's one of the main messages of Data Privacy Day, an international effort to encourage respecting privacy, safeguarding data and enabling trust online.

Here are some tips to stay privacy aware:

Think before you act: Be wary of communications that implore you to act immediately, offer something that sounds too good to be true or ask for personal information. Here's how to report spam to AskIT.

Get two steps ahead: Switch on two-step verification or multi-factor authentication wherever offered to prevent unauthorized access. Sign up for the Identity feature at BlazerID Central so that you can more easily change your BlazerID password and so that you can receive RedFlag alerts if your personal information is changed in the Oracle payroll system.

What you post can last a lifetime: Before posting online, think about how it might be perceived now and in the future and who might see it. 

Own your online presence: Set the privacy and security settings on web services and devices to your comfort level for information sharing. It's OK to limit how and with whom you share information.

Be aware of what's being shared: Be aware that when you share a post, picture or video online, you may also be revealing information about others. Be thoughtful about when and how you share information about others.

Post only about others as you would have them post about you: The golden rule applies online as well.

Thursday, 14 January 2016 11:05

Reminder: Be aware of email phishing attempts

UAB IT reminds the university community to be aware of malicious phishing emails. 


To report suspected spam to AskIT, please follow the instructions here

Follow these additional tips to avoid being a phishing victim:


  • Do NOT click links in messages that ask you to log in. Type a trusted Web address in your browser or Google for the Web site if you don’t know the address.
  • Never type personal, sensitive information (such as passwords or account numbers) on Web sites without verifying the Web site’s authenticity and security — look for an “https” in the address bar.
  • Verify the address. Malicious web sites may look identical to a legitimate site, but the address may use a variation in spelling or a different domain (.com vs. .edu).
  • Misspellings and grammatical errors can be a dead giveaway in phishing emails and subject lines.
  • If you are unsure whether a request is legitimate, contact the company directly. Do NOT use contact information provided in the request.
  • Don’t open attachments. They may contain viruses or malware that can infect your computer.
  • Protect your password. Information security and IT officials at both the university and UAB Hospital will never ask users for passwords or any other sensitive information.
  • Report suspicious activity. If you have any questions or you receive a suspicious email that you want to report, university employees and students can call the AskIT Help Desk at 205-996-5555. Hospital employees can call the HSIS Help Desk at 205-934-8888.
Thursday, 07 January 2016 08:39

Students: Be aware of malicious callers

UAB students should continue to be aware of malicious callers who aim to scam them out of money.


Students at universities across the country have been targets of similar scams, in which malicious callers, purporting to be law enforcement officers or IRS representatives, make threats about alleged debt. Although the phone scammers often know personal details about students -- such as their majors -- students should know there has been NO breach of protected information at UAB. Such information is often publicly available in student directories or social media. UAB has password-protected its electronic phonebook to keep such information more secure.


According to UAB IT’s Information Security division, students need to know:

  • No law enforcement body will call them and threaten to arrest them over the phone.
  • The attackers can spoof a police station phone number or a government number so the call will look like it is coming from such an office.
  • UAB has not suffered a breach that resulted in this scam.

Tips:

  • Do NOT provide Social Security numbers, birth dates or any other personal information.
  • Ask to call the “officer” or "IRS representative" back, take down their number and call the number back.
  • Ask them to meet you at the police station in question, if they claim to be from a police department.
  • When in doubt, hang up and call the UAB Police Department at 205-934-4434.

UAB users have been hit in the past day with emails containing malicious attachments that could encrypt users' files, enabling attackers to hold the files for ransom.

The recent emails contain unzipped Word document attachments that pretend to be a job applicant's resume or CV. The image below is similar to what users have received:

[Image: cryptolocker]

When the user opens the attachment, a particularly nasty malware called CryptoLocker is released onto the user's computer.

CryptoLocker malware holds the user's machine hostage by encrypting all of the user's files, making them inaccessible without the required passkey.

The attacker offers the victim the passkey for a fee of a few hundred dollars, often paid by entering a prepaid credit card number the victim must purchase.

There is no way to simply remove the malware. The user must either pay the ransom (which does not always work) OR if they keep consistent backups, rebuild the machine and load the backup onto it.

Anyone who receives such an email is urged to report it to AskIT.

Follow these tips to avoid phishing and other scam emails:

  • Don't open attachments from strangers or even friends if you aren't expecting them. The attachment could contain a virus that can infect your computer.
  • Do NOT click links in messages. Type a trusted web address in your browser or Google for the web site if you don't know the address.
  • When there is a link in an email, do the "hover test" and hover your mouse over the link to see where it is actually redirecting you.
  • Never type personal, sensitive information (such as passwords or account numbers) on web sites without verifying the web site's authenticity and security — look for an "https" in the address bar.
  • Verify the address. Malicious web sites may look identical to a legitimate site, but the address may use a variation in spelling or a different domain (.com vs. .edu).
  • Misspellings and grammatical errors can be a dead giveaway in phishing emails and subject lines.
  • If you are unsure whether a request is legitimate, contact the company directly. Do NOT use contact information provided in the request.
  • Protect your password. Information security and IT officials at both the university and UAB Hospital will never ask users for passwords or any other sensitive information.
  • Always report suspicious activity. If you have any questions or you receive a suspicious email that you want to report, university employees and students can call the AskIT Help Desk at 205-996-5555. Hospital employees can call the HSIS Help Desk at 205-934-8888.

A critical security vulnerability has been identified in versions of Adobe Flash Player, and UAB users are urged to update it on their computer systems.

Adobe has released an emergency update to address the issue. The vulnerabilities could allow a hacker to take control of a system.

Users can verify that they have the latest version of Flash Player by visiting the website: https://www.adobe.com/software/flash/about/.
Monday, 12 October 2015 15:56

Phone scammers still targeting students

UAB students — and even their parents — continue to be targets of phone scammers who impersonate law enforcement officers or IRS representatives.

Similar scams — in which malicious callers make threats about alleged debt — have targeted students at universities around the country. Although the phone scammers often know personal details about students — such as their majors — students should know there has been no breach of protected information at UAB. Such information is often publicly available in student directories or social media. The attackers can spoof a police station phone number or a government number so the call will look like it is coming from such an office.

More information about IRS scams is available here.

Tips if you receive one of these calls:
  • Do NOT provide Social Security numbers, birth dates or any other personal information.
  • Ask to call the “officer” or "IRS representative" back, take down their number and call the number back.
  • Ask them to meet you at the police station in question, if they claim to be from a police department.
  • When in doubt, hang up and call the UAB Police Department at 205-934-4434.

Tips for protecting your identity on social media:

  • Set your privacy settings so that your information and your posts are only viewable by those you trust.
  • Only accept friend or connection requests from those you know and trust and with whom you are comfortable sharing information. For example, posting that you and your family are on vacation on your social media page lets potential criminals know that no one is at your residence. This could make you a candidate for theft. (You can also un-friend or un-connect with those you do not trust.)
  • Consider which pieces of your sensitive information, such as your birth date, personal email address, home address, current employer, high school, etc., you should and shouldn't display. Identity thieves can piece together your information in order to take over your identity.
  • For professional sites, such as LinkedIn, use a different email address than the one used for social media sites, such as Facebook, MySpace and Twitter. This way, people you are linked to professionally can't find you on social media sites via your email.
Tuesday, 06 October 2015 13:37

Phishing tips: Watch for red flags

Have you received an out-of-character email from someone? Are there misspellings or grammatical errors in the body of the email, or hyperlinks that don't match the name of the link in the email?

All of those are red flags that the message you've received is a phishing attempt.

Phishing is an attempt at identity theft that uses fraudulent web sites and fake emails, with perpetrators attempting to steal your personal data — most commonly passwords and credit card or bank information.

The graphic below shows some of the common red flags in phishing emails. Click the graphic for a larger image. Don't get caught!

[Image: SocialEngineeringRedFlags]
Tuesday, 29 September 2015 19:11

Tech support phone scam targets UAB

UAB staff should be aware of a potential scam in which a caller posing as tech support staff asks for the IP address of office printers — possibly to try to gain access to recently printed documents or to try to scam you into paying for unnecessary support.

A UAB staff member recently fielded such a call.

Similar scams have occurred around the country in recent years. In some scams, the caller is attempting to gain access to the printer or other systems. In others, the caller pretends to offer support for a fee — which can rack up unnecessary charges.

The Federal Trade Commission offers tips for what to do if you suspect you are a victim.

[Image: Pre NCSAM Infographic]

Stop. Think. Connect.


That’s the message that UAB IT and organizations across the globe are reinforcing in recognition of Cyber Security Awareness Month, which promotes the importance of online safety and security.

UAB IT will be posting daily security tips on its social media channels — Twitter, Facebook and Instagram — and is also sponsoring a video contest that invites undergraduate students to submit their own short films promoting online security.

Among the most important — but also easiest — things people can do to stay safe online are these tips:

Learn more about Cyber Security Awareness Month here

Friday, 04 September 2015 13:31

UAB IT hosts Cyber Security video contest

UAB IT’s information security department is sponsoring a National Cyber Security Awareness Month video contest.

The top prize is $250.

All currently enrolled undergraduate students who are 19 years of age or older are eligible. The deadline is Oct. 23, 2015.

Here’s how to get started:

  • Decide whether you want to produce a video with a team or individually. A team cannot have more than four total members. Team or individual entrants may submit more than one video.
  • Pick one of the following five topics for your video message:
    • Keep a clean machine
    • Protect your personal information
    • Connect with care
    • Be web wise
    • Be a good online citizen
  • Additional details about the topics can be found at Stop. Think. Connect.
  • Read the video contest’s official guidelines and YouTube’s guidelines for uploading.
  • Create a YouTube account.
  • Organize the components of your video (camera shots, scripts, voiceover, written messages). Storyboards or outlines are commonly used for this purpose.
  • Filming your video can be done with a video camera, digital camera and/or a camera phone. You can even use drawings created on paper and scanned into your computer.
  • Edit your video to be no longer than 1 minute without credits.
  • Verify that your video meets the contest guidelines and YouTube’s uploading guidelines.
  • Upload your entry to YouTube and copy the link so that you can send it when you submit your entry form.
  • Submit your entry form. The entry form must include the YouTube link to the video and the contact information of the submitter(s).