Phishing attacks, or attempts to acquire sensitive information such as usernames, passwords or credit card details, pose a major risk to you and the university.

These attacks may come in the form of emails that seem trustworthy, but may convince you to install malicious software or reveal your personal information under false pretences. CyberSecurityTip Icon

Look for indicators such as threats or spelling and grammar errors, and avoid clicking on any links in suspicious emails.

Ultimately, you are the most effective way to detect and stop phishing scams. When viewing e-mail messages, texts, or social media posts, look for the following indicators to prevent stolen passwords, personal data, or private information.

Some more tips to avoid being a phishing victim:

  • Beware sketchy messages. Phishy messages may include a formal salutation, overly-friendly tone, grammatical errors, urgent requests or gimmicks.
  • Avoid opening links and attachements. Even if you know the sender, don't click on links that could direct you to a bad web site. And do not open attachments unless you are expecting a file from someone.
  • Verify the source. Check the sender's email address to make sure it's legitimate. If in doubt, just delete the message.
  • Do NOT click links in messages that ask you to log in. Type a trusted Web address in your browser or Google for the Web site if you don’t know the address.
  • Never type personal, sensitive information (such as passwords or account numbers) on Web sites without verifying the Web site’s authenticity and security — look for an “https” in the address bar.
  • Verify the address. Malicious web sites may look identical to a legitimate site, but the address may use a variation in spelling or a different domain (.com vs. .edu).
  • If you are unsure whether a request is legitimate, contact the company directly. Do NOT use contact information provided in the request.
  • Protect your password. Information security and IT officials at both the university and UAB Hospital will never ask users for passwords or any other sensitive information.
  • Report suspicious activity. If you have any questions or you receive a suspicious email that you want to report, university employees and students can call the AskIT Help Desk at 205-996-5555. Hospital employees can call the HSIS Help Desk at 205-934-8888.

To report suspected spam to AskIT, please follow the instructions here.
 
BrianRivers Cropped2Brian Rivers is joining UAB IT July 11 as assistant vice president and chief information security officer.

Rivers has a broad background in information technology and security, with a career spanning 20 years in higher education and Fortune 500 business industries. For the past five years, Rivers has served the University of Georgia as University Information Security Officer.

Rivers holds both a Bachelor of Science in computer science and a Bachelor of Science in mathematics from Georgia College & State University.

“Brian brings leadership and experience to the position and will help us develop a world-class IT organization for UAB,” said Dr. Curt Carver, vice president and CIO.

“I would like to thank the members of the search committee, led by Robert Howard, for their hard work identifying excellent candidates for the position."

Members of the search committee included Robert Howard, associate vice president and deputy CIO; Dr. Franklin Tessler (UAB Medicine); Dr. Julio Rivera (Collat School of Business); and UAB IT’s Cindy Jones.
A phishing email purporting to be from the "IT Service & Support Desk" has hit several email inboxes among faculty and staff at UAB.

The fake email is likely an attempt to steal user information and should be deleted. The subject line may be "Dear Employee/Staff and Student," and it asks recipients to check email access due to a maintenance update. Clicking the email takes users to a non-UAB site called "IT Security Systems Update." A copy of the email is below:

Phishing ITServiceDesk

If you receive an email with a hidden link such as “Click Here,” do the hover test. Hover your mouse over the link and look at the lower left pane to see where the link leads.

Look at the URL of the website you are visiting. 

To report suspected spam to AskIT, please follow the instructions here.

Follow these additional tips to avoid being a phishing victim:

  • Do NOT click links in messages that ask you to log in. Type a trusted Web address in your browser or Google for the Web site if you don’t know the address.
  • Never type personal, sensitive information (such as passwords or account numbers) on Web sites without verifying the Web site’s authenticity and security — look for an “https” in the address bar.
  • Verify the address. Malicious web sites may look identical to a legitimate site, but the address may use a variation in spelling or a different domain (.com vs. .edu).
  • Misspellings and grammatical errors can be a dead giveaway in phishing emails and subject lines.
  • If you are unsure whether a request is legitimate, contact the company directly. Do NOT use contact information provided in the request.
  • Don’t open attachments. They may contain viruses or malware that can infect your computer.
  • Protect your password. Information security and IT officials at both the university and UAB Hospital will never ask users for passwords or any other sensitive information.
  • Report suspicious activity. If you have any questions or you receive a suspicious email that you want to report, university employees and students can call the AskIT Help Desk at 205-996-5555. Hospital employees can call the HSIS Help Desk at 205-934-8888.
A phone scam targeting college students across the country is spoofing the FBI's phone number, threatening students and parents that they will be arrested if they do not pay thousands of dollars for such alleged debts as tuition, student loans or parking tickets.

The FBI has warned consumers to be on alert for such scams. Similar scams — in which malicious callers pretend to be law enforcement — have targeted UAB students in recent months, even costing them and their parents money.

The FBI will never call private citizens requesting money.

Often, callers in such scams appear to have students' personal information, but it is important to note that there has been no breach of personal information at UAB. Malicious callers often try to solicit more personal information from their victims over the course of the call.

If students or parents receive a call that seems suspicious, they should disconnect immediately and notify law enforcement.

If you receive these calls, do not follow the caller's instructions. Instead, the FBI advises you should:

  • Notify your banking institutions.
  • Contact the three major credit bureaus and request an alert be put on your file.
  • Contact your local law enforcement agencies if you feel you are in immediate danger.
  • File a complaint through the Internet Crime Complaint Center at www.ic3.gov.
April CyberSecuritySign
Planning a vacation? People are frequently more vulnerable when traveling because a break from their regular routine or encounters with unfamiliar situations often result in less cautious behavior. If this sounds like you, or someone you know, these five tips will help you protect yourself and CyberSecurityTip Iconguard your privacy.


  • Track that device! Install a device finder or manager on your mobile device in case it's lost or stolen. Make sure it has remote wipe capabilities and also protects against malware.
  • Avoid social media announcements about your travel plans. It's tempting to share your upcoming vacation plans with family and friends, but consider how this might make you an easy target for local or online thieves. While traveling, avoid using social media to "check in" to airports and consider posting those beautiful photos after you return home. Find out how burglars are using your vacation posts to target you in this infographic.
  • Traveling soon? If you're traveling with a laptop or mobile device, remove or encrypt confidential information. Consider using a laptop or device designated for travel with no personal information, especially when traveling out of the country.
  • Limit personal information stored on devices. Use a tool like Identity Finder to locate your personally identifiable information (e.g., SSN, credit card numbers, or bank accounts) on your computer, then secure or remove that information.
  • Physically protect yourself and your devices. Use a laptop lock, avoid carrying identification cards, shred sensitive paperwork before you recycle it, and watch out for "shoulder surfers" at the ATM.
 
Monday, 29 February 2016 13:33

Security tip: Guard your online privacy

You and your information are everywhere. When you're online you leave a trail of "digital exhaust" in the form of cookies, GPS data, social network posts, and e-mail exchanges, CyberSecurityTip Iconamong others. It is critical to learn how to protect yourself and guard your privacy. Your identity and even your bank account could be at risk!

  • Use long and complex passwords or passphrases. These are often the first line of defense in protecting an online account. The length and complexity of your passwords can provide an extra level of protection for your personal information.
  • Take care what you share. Periodically check the privacy settings for social networking apps to ensure that they are set to share only what you want, with whom you intend. Be very careful about putting personal information online. What goes on the Internet usually stays on the Internet.
  • Go stealth when browsing. Your browser can store quite a bit of information about your online activities, including cookies, cached pages, and history. To ensure the privacy of personal information online, limit access by going "incognito" and using the browser's private mode.
  • Using Wi-Fi? If only public Wi-Fi is available, restrict your activity to simple searches (no banking!) or use a VPN (virtual private network). The latter provides an encrypted tunnel between you and the sites you visit.
  • Should you trust that app? Only use apps from reputable sources. Check out reviews from users or other trusted sources before downloading anything that is unfamiliar.

Ryan Murphy, a sophomore chemistry and biology major, used his artistic and video skills to create a palatable message about how to “connect with care.”

Murphy’s effort not only won UAB IT’s first student cyber security video contest but also offers good advice about avoiding spam emails, choosing secure web sites and using safe WiFi.

Murphy used tips from the Stop, Think, Connect web site to come up with his video idea, which compares food safety to safe internet use.

Video Check PresentationCIO Dr. Curt Carver presents a check to UAB sophomore Ryan Murphy.“I was trying to put a creative spin on (the cyber security tips),” he said, noting he has seen the trend of “draw my life” videos.

That’s Murphy’s own hand drawing the whiteboard artwork for his winning video.

Murphy, a graduate of Randolph High School in Huntsville, is also a member of UAB's Science and Technology Honors Program and has been using his video skills to help produce videos for that program, including a “This Month in Science” online newscast.

Murphy plans to go to medical school in the future, but said he also hopes to keep using and improving on his video hobby.
dataprivacy

Personal information is like money — you should value it and protect it. That's one of the main messages of Data Privacy Day, an international effort to encourage respecting privacy, safeguarding data and enabling trust online.

Here are some tips to stay privacy aware:

Think before you act: Be wary of communications that implore you to act immediately, offer something that sounds too good to be true or ask for personal information. Here's how to report spam to AskIT.

Get two steps ahead: Switch on two-step verification or multi-factor authentication wherever offered to prevent unauthorized access. Sign up for the Identity feature at BlazerID Central so that you can more easily change your BlazerID password and so that you can receive RedFlag alerts if your personal information is changed in the Oracle payroll system.

What you post can last a lifetime: Before posting online, think about how it might be perceived now and in the future and who might see it. 

Own your online presence: Set the privacy and security settings on web services and devices to your comfort level for information sharing. It's OK to limit how and with whom you share information.

Be aware of what's being shared: Be aware that when you share a post, picture or video online, you may also be revealing information about others. Be thoughtful when an how you share information about others.

Post only about others as you have them post about you: The golden rule applies online as well.
Thursday, 14 January 2016 11:05

Reminder: Be aware of email phishing attempts

UAB IT reminds the university community to be aware of malicious phishing emails. 


To report suspected spam to AskIT, please follow the instructions here

Follow these additional tips to avoid being a phishing victim:


  • Do NOT click links in messages that ask you to log in. Type a trusted Web address in your browser or Google for the Web site if you don’t know the address.
  • Never type personal, sensitive information (such as passwords or account numbers) on Web sites without verifying the Web site’s authenticity and security — look for an “https” in the address bar.
  • Verify the address. Malicious web sites may look identical to a legitimate site, but the address may use a variation in spelling or a different domain (.com vs. .edu).
  • Misspellings and grammatical errors can be a dead giveaway in phishing emails and subject lines.
  • If you are unsure whether a request is legitimate, contact the company directly. Do NOT use contact information provided in the request.
  • Don’t open attachments. They may contain viruses or malware that can infect your computer.
  • Protect your password. Information security and IT officials at both the university and UAB Hospital will never ask users for passwords or any other sensitive information.
  • Report suspicious activity. If you have any questions or you receive a suspicious email that you want to report, university employees and students can call the AskIT Help Desk at 205-996-5555. Hospital employees can call the HSIS Help Desk at 205-934-8888.
Thursday, 07 January 2016 08:39

Students: Be aware of malicious callers

UAB students should continue to be aware of malicious callers who aim to scam them out of money.


Students at universities across the country have been targets of similar scams, in which malicious callers, purporting to be law enforcement officers or IRS representatives, make threats about alleged debt. Although the phone scammers often know personal details about students -- such as their majors -- students should know there has been NO breach of protected information at UAB. Such information is often publicly available in student directories or social media. UAB has password-protected its electronic phonebook to keep such information more secure.


 According to UAB IT’s Information Security division, students need to know:

  • No law enforcement body will call them and threaten to arrest them over the phone.
  • The attackers can spoof a police station phone number or a government number so the call will look like it is coming from such an office.
  • UAB has not suffered a breach that resulted in this scam.

Tips:

  • Do NOT provide Social Security numbers, birth dates or any other personal information.
  • Ask to call the “officer” or "IRS representative" back, take down their number and call the number back.
  • Ask them to meet you at the police station in question, if they claim to be from a police department.
  • When in doubt, hang up and call the UAB Police Department at 205-934-4434.