Halloween marked the end of National Cybersecurity Month, but cybersecurity awareness is something we should all practice year round.
1. Don't Take the Bait
A phishing scam is a fraudulent email message from someone impersonating a legitimate organization or individual. It’s designed to trick the recipient into downloading harmful attachments or sharing personal information with the sender. Scammers will often try to extract card payment data or your login information.
Legitimate companies will never ask you for sensitive data such as your password or Social Security number. Phishing scams will not only ask for this information, but also will invoke strong emotions of fear or anxiety to convince you to hand over important information.
If you receive an email that you suspect is a phishing scam, forward it to email@example.com. Users reporting scams are the best way for the security team to find out about these types of suspicious emails.
2. Lower Your Chance of Loss
Were you one of the 14.2 million people exposed to credit card fraud last year? How about one of the 158 million people to have their Social Security numbers compromised? According to the Identity Theft Resource Center, consumers reported $905 million in fraud losses in 2017 — 21.6 percent higher than the previous year.
If your wallet or bag were stolen, you’d be a lot better off if it had just a few of your credit cards — as opposed to each one that you own. Applying for new ones can be quite tedious too. So carry only the cards you’ll need on a given day. Also, never carry your Social Security card with you. Thieves can do serious damage with it, including committing crimes in your name and stealing medical care benefits.
3. Keep Track of Documents Containing Personal Information
Try to be diligent about picking up your mail and shred files that contain sensitive material, such as health records or billing statements. Robbers may attempt to steal from your mailbox or trash to gain access to private information.
4. Watch Out for Fraud
Brian Pasquini, assistant director of information security for Pitt Information Technology, advises users to check their credit report at least once a year. Doing so allows you to see any unknown delinquencies or inaccuracies on your report.
If you believe someone has accessed your personal information, the Federal Trade Commission recommends that you set up an alert with one of the three nationwide credit bureaus that keep track of your credit history: Equifax, Experian, and Transunion. Once a bureau is notified, they are required by law to alert the other two.
Pasquini also suggests considering identity theft monitoring services, such as Symantec Corp.’s LifeLock, with membership fees starting at $9.99 for the first year.
5. Run Up-to-Date Security Software on Your Devices
Cybercriminals can install spyware to collect information on your computer. To help prevent this, download and install both Antivirus (Symantec Endpoint Protection) and Anti-Malware (Malwarebytes) software, offered free to faculty and some departments through Pitt’s Software Download Service.
Your Role in Protecting Personal Information and University Data
In recent months, fraudsters have sent messages to Pitt recipients claiming you’ve run out of email storage space, your library account is expiring, and a display error necessitates you click a link to read the full message. Another scam related to payroll even caught the attention of the Pittsburgh Post-Gazette.
In the case of the email claiming that you ran out of email storage, it contains a link that appears to lead you to the Pitt Passport login page — reading something like this:
You’re out of storage limit and most of your outgoing mail(s) has been placed on hold.
To continue sending and receiving mail(s),
kindly follow the link below to upgrade your mailbox disk free.
The message is a phishing scam sent to Pitt students, faculty, and staff last spring. The link doesn’t send you to the official Pitt Passport page — rather, a malicious site intended to extract your username and password.
Andy Seitz, senior security engineer for Pitt Information Technology advises everyone to think about the email you are reading before clicking on any links it contains. An email containing a link or attachment could be a scam.
“Think about what the email is trying to make you do. Scammers will often try to induce fear in you, scare you, promise you money, or try to pique your curiosity,” Seitz said. “Ask yourself, ‘Was I expecting to receive this message? Is it from someone I know?’ If not, it is most likely from a malicious source.”
Want to test your ability to spot phishing scams? Take the “Stop. Think. Click” quiz provided by the FCC to see if you “take the bait — or live to swim another day.”
This article adapted from Pitt Information Technology’s blog. For more information on spotting and reporting phishing scams, visit technology.pitt.edu/phishing.