A phone scam targeting college students across the country is spoofing the FBI's phone number, threatening students and parents that they will be arrested if they do not pay thousands of dollars for such alleged debts as tuition, student loans or parking tickets.

The FBI has warned consumers to be on alert for such scams. Similar scams — in which malicious callers pretend to be law enforcement — have targeted UAB students in recent months, even costing them and their parents money.

The FBI will never call private citizens requesting money.

Often, callers in such scams appear to have students' personal information, but it is important to note that there has been no breach of personal information at UAB. Malicious callers often try to solicit more personal information from their victims over the course of the call.

If students or parents receive a call that seems suspicious, they should disconnect immediately and notify law enforcement.

If you receive these calls, do not follow the caller's instructions. Instead, the FBI advises you should:

  • Notify your banking institutions.
  • Contact the three major credit bureaus and request an alert be put on your file.
  • Contact your local law enforcement agencies if you feel you are in immediate danger.
  • File a complaint through the Internet Crime Complaint Center at www.ic3.gov.
April CyberSecuritySign
Planning a vacation? People are frequently more vulnerable when traveling because a break from their regular routine or encounters with unfamiliar situations often result in less cautious behavior. If this sounds like you, or someone you know, these five tips will help you protect yourself and CyberSecurityTip Iconguard your privacy.


  • Track that device! Install a device finder or manager on your mobile device in case it's lost or stolen. Make sure it has remote wipe capabilities and also protects against malware.
  • Avoid social media announcements about your travel plans. It's tempting to share your upcoming vacation plans with family and friends, but consider how this might make you an easy target for local or online thieves. While traveling, avoid using social media to "check in" to airports and consider posting those beautiful photos after you return home. Find out how burglars are using your vacation posts to target you in this infographic.
  • Traveling soon? If you're traveling with a laptop or mobile device, remove or encrypt confidential information. Consider using a laptop or device designated for travel with no personal information, especially when traveling out of the country.
  • Limit personal information stored on devices. Use a tool like Identity Finder to locate your personally identifiable information (e.g., SSN, credit card numbers, or bank accounts) on your computer, then secure or remove that information.
  • Physically protect yourself and your devices. Use a laptop lock, avoid carrying identification cards, shred sensitive paperwork before you recycle it, and watch out for "shoulder surfers" at the ATM.
 
Monday, 29 February 2016 13:33

Security tip: Guard your online privacy

You and your information are everywhere. When you're online you leave a trail of "digital exhaust" in the form of cookies, GPS data, social network posts, and e-mail exchanges, CyberSecurityTip Iconamong others. It is critical to learn how to protect yourself and guard your privacy. Your identity and even your bank account could be at risk!

  • Use long and complex passwords or passphrases. These are often the first line of defense in protecting an online account. The length and complexity of your passwords can provide an extra level of protection for your personal information.
  • Take care what you share. Periodically check the privacy settings for social networking apps to ensure that they are set to share only what you want, with whom you intend. Be very careful about putting personal information online. What goes on the Internet usually stays on the Internet.
  • Go stealth when browsing. Your browser can store quite a bit of information about your online activities, including cookies, cached pages, and history. To ensure the privacy of personal information online, limit access by going "incognito" and using the browser's private mode.
  • Using Wi-Fi? If only public Wi-Fi is available, restrict your activity to simple searches (no banking!) or use a VPN (virtual private network). The latter provides an encrypted tunnel between you and the sites you visit.
  • Should you trust that app? Only use apps from reputable sources. Check out reviews from users or other trusted sources before downloading anything that is unfamiliar.

Ryan Murphy, a sophomore chemistry and biology major, used his artistic and video skills to create a palatable message about how to “connect with care.”

Murphy’s effort not only won UAB IT’s first student cyber security video contest but also offers good advice about avoiding spam emails, choosing secure web sites and using safe WiFi.

Murphy used tips from the Stop, Think, Connect web site to come up with his video idea, which compares food safety to safe internet use.

Video Check PresentationCIO Dr. Curt Carver presents a check to UAB sophomore Ryan Murphy.“I was trying to put a creative spin on (the cyber security tips),” he said, noting he has seen the trend of “draw my life” videos.

That’s Murphy’s own hand drawing the whiteboard artwork for his winning video.

Murphy, a graduate of Randolph High School in Huntsville, is also a member of UAB's Science and Technology Honors Program and has been using his video skills to help produce videos for that program, including a “This Month in Science” online newscast.

Murphy plans to go to medical school in the future, but said he also hopes to keep using and improving on his video hobby.
dataprivacy

Personal information is like money — you should value it and protect it. That's one of the main messages of Data Privacy Day, an international effort to encourage respecting privacy, safeguarding data and enabling trust online.

Here are some tips to stay privacy aware:

Think before you act: Be wary of communications that implore you to act immediately, offer something that sounds too good to be true or ask for personal information. Here's how to report spam to AskIT.

Get two steps ahead: Switch on two-step verification or multi-factor authentication wherever offered to prevent unauthorized access. Sign up for the Identity feature at BlazerID Central so that you can more easily change your BlazerID password and so that you can receive RedFlag alerts if your personal information is changed in the Oracle payroll system.

What you post can last a lifetime: Before posting online, think about how it might be perceived now and in the future and who might see it. 

Own your online presence: Set the privacy and security settings on web services and devices to your comfort level for information sharing. It's OK to limit how and with whom you share information.

Be aware of what's being shared: Be aware that when you share a post, picture or video online, you may also be revealing information about others. Be thoughtful when an how you share information about others.

Post only about others as you have them post about you: The golden rule applies online as well.
Thursday, 14 January 2016 11:05

Reminder: Be aware of email phishing attempts

UAB IT reminds the university community to be aware of malicious phishing emails. 


To report suspected spam to AskIT, please follow the instructions here

Follow these additional tips to avoid being a phishing victim:


  • Do NOT click links in messages that ask you to log in. Type a trusted Web address in your browser or Google for the Web site if you don’t know the address.
  • Never type personal, sensitive information (such as passwords or account numbers) on Web sites without verifying the Web site’s authenticity and security — look for an “https” in the address bar.
  • Verify the address. Malicious web sites may look identical to a legitimate site, but the address may use a variation in spelling or a different domain (.com vs. .edu).
  • Misspellings and grammatical errors can be a dead giveaway in phishing emails and subject lines.
  • If you are unsure whether a request is legitimate, contact the company directly. Do NOT use contact information provided in the request.
  • Don’t open attachments. They may contain viruses or malware that can infect your computer.
  • Protect your password. Information security and IT officials at both the university and UAB Hospital will never ask users for passwords or any other sensitive information.
  • Report suspicious activity. If you have any questions or you receive a suspicious email that you want to report, university employees and students can call the AskIT Help Desk at 205-996-5555. Hospital employees can call the HSIS Help Desk at 205-934-8888.
Thursday, 07 January 2016 08:39

Students: Be aware of malicious callers

UAB students should continue to be aware of malicious callers who aim to scam them out of money.


Students at universities across the country have been targets of similar scams, in which malicious callers, purporting to be law enforcement officers or IRS representatives, make threats about alleged debt. Although the phone scammers often know personal details about students -- such as their majors -- students should know there has been NO breach of protected information at UAB. Such information is often publicly available in student directories or social media. UAB has password-protected its electronic phonebook to keep such information more secure.


 According to UAB IT’s Information Security division, students need to know:

  • No law enforcement body will call them and threaten to arrest them over the phone.
  • The attackers can spoof a police station phone number or a government number so the call will look like it is coming from such an office.
  • UAB has not suffered a breach that resulted in this scam.

Tips:

  • Do NOT provide Social Security numbers, birth dates or any other personal information.
  • Ask to call the “officer” or "IRS representative" back, take down their number and call the number back.
  • Ask them to meet you at the police station in question, if they claim to be from a police department.
  • When in doubt, hang up and call the UAB Police Department at 205-934-4434.

UAB users have been hit in the past day with emails containing malicious attachments that could encrypt users' files, enabling attackers to hold the files for ransom.

The recent emails contain unzipped Word document attachments that pretend to be a job applicant's resume or CV. The image below is similar to what users have received:

cryptolocker

When the user opens the attachment, a particularly nasty malware called CryptoLocker is released onto the user's computer.

CryptoLMalocker malware holds the user's machine hostage by encrypting all of the user's files, making them inaccessible without the required passkey.

The attacker offers the victim the passkey for a fee of a few hundred dollars, often paid by entering a prepaid credit card number the victim must purchase.

There is no way to simply remove the malware. The user must either pay the ransom (which does not always work) OR if they keep consistent backups, rebuild the machine and load the backup onto it.

Anyone who receives such an email is urged to report it to AskIT.

Follow these tips to avoid phishing and other scam emails:

  • Don't open attachments from strangers or even friends if you aren't expecting them. The attachment could contain a virus that can infect your computer.
  • Do NOT click links in messages. Type a trusted web address in your browser or Google for the web site if you don't know the address.
  • When there is a link in an email, do the "hover test" and hover your mouse over the link to see where it is actually redirecting you.
  • Never type personal, sensitive information (such as passwords or account numbers) on web sites without verifying the web site's authenticity and security — look for an "https" in the address bar.
  • Verify the address. Malicious web sites may look identical to a legitimate site, but the address may use a variation in spelling or a different domain (.com vs. .edu).
  • Misspellings and grammatical errors can be a dead giveaway in phishing emails and subject lines.
  • If you are unsure whether a request is legitimate, contact the company directly. Do NOT use contact information provided in the request.
  • Protect your password. Information security and IT officials at both the university and UAB Hospital will never ask users for passwords or any other sensitive information.
  • Always report suspicious activity. If you have any questions or you receive a suspicious email that you want to report, university employees and students can call the AskIT Help Desk at 205-996-5555. Hospital employees can call the HSIS Help Desk at 205-934-8888.
A critical security vulnerability has been identified in versions of Adobe Flash Player, and UAB users are urged to update it on their computer systems. flash player

Adobe has released an emergency update to address the issue. The vulnerabilities could allow a hacker to take control of a system.

Users can verify that they have the latest version of Flash Player by visiting the website: https://www.adobe.com/software/flash/about/.
Monday, 12 October 2015 15:56

Phone scammers still targeting students

cellphone imageforstory

UAB students — and even their parents — continue to be targets of phone scammers who impersonate law enforcement officers or IRS representatives.

Similar scams — in which malicious callers make threats about alleged debt — have targeted students at universities around the country. Although the phone scammers often know personal details about students — such as their majors — students should know there has been no breach of protected information at UAB. Such information is often publicly available in student directories or social media. The attackers can spoof a police station phone number or a government number so the call will look like it is coming from such an office.

More information about IRS scams is available here.

Tips if you receive one of these calls:
  • Do NOT provide Social Security numbers, birth dates or any other personal information.
  • Ask to call the “officer” or "IRS representative" back, take down their number and call the number back.
  • Ask them to meet you at the police station in question, if they claim to be from a police department.
  • When in doubt, hang up and call the UAB Police Department at 205-934-4434.

Tips for protecting your identity on social media:

  • Set your privacy settings so that your information and your posts are only viewable by those you trust.
  • Only accept friend or connection request from those you know and trust and those you are comfortable with sharing information. For example, posting that you and your family are on vacation on your social media page lets potential criminals know that no one is at your residence. This could make you a candidate for theft. (You can also un-friend or un-connect with those you do not trust.)
  • Consider which pieces of your sensitive information, such as your birth date, personal email address, home address, current employer, high school, etc., you should and shouldn't display. Identity thieves can piece together your information in order to take over your identity.
  • For professional sites, such as LinkedIn, use a different email address than the one used for social media s ites, such as Facebook, MySpace and Twitter. This way, peopel you are linked to professionally can't find you on social media sites via your email.