TECH CORNER: Uptick in cybersecurity threats requires increased vigilance

By KAREN BEAUDWAY

Perhaps you recently received an email offering free items from an alum’s estate? Or maybe you got a message warning that you have two Microsoft 365 academic accounts and are at risk of having them deactivated? If you didn’t, it’s because Pitt Information Technology discovered those scams and pulled those emails from Pitt inboxes before the vast majority of people even saw them.

Here at Pitt, the number of suspicious messages reported to Pitt IT increased by 447 percent from the first to the second quarter of this fiscal year. In fact, Pitt IT security systems block more than 856,000 malicious emails every day, which amounts to 52 percent of all incoming messages. If it feels like hackers have massively ramped up their efforts, it’s because they have!

Partner with Pitt IT to stop phishing

Pitt IT’s multi-layered approach to stopping malicious actors includes several automated systems that identify scams from known bad actors, risky IP addresses/regions, strangely high volumes of activity, and keyword combinations that indicate a high likelihood of scam content.

However, technology alone cannot stop every hacking attempt. Bad actors are constantly changing tactics to avoid detection, and Pitt IT must balance cybersecurity efforts against ensuring legitimate emails are delivered. As a result, some questionable emails make it through the controls.

Students, faculty, and staff play a crucial role in protecting not just their own personal information, but the security of University data as well. The actions of every individual at the University are an incredibly important piece of the puzzle.

1. Take basic precautions

Awareness and avoidance of risky behaviors are critical for keeping your accounts and data safe. A few cybersecurity basics can make a huge difference, including:

  • Take a moment before clicking links in email to look for any suspicious signs of phishing.
  • Look for signs your account has been compromised, like unfamiliar emails in your Sent folder or being locked out of an account.
  • Use a different strong password for each of your online accounts.

Tip: The key to using different passwords is to store them all in a secure password manager so that you don’t have to remember each of them.

2. Only approve Duo prompts that you initiate

The biggest factor in most of Pitt’s larger phishing attacks has been people approving a Duo prompt that they didn’t initiate. Once a scammer gets into your account, they can use your Pitt email to send messages to thousands of Pitt addresses at once. Because the email comes from an internal, verified account, it does not trigger some of the security alerts that those from external addresses do.

Pay attention to Duo prompts. You should only get a prompt within seconds of logging into a Pitt service. If you get one at any other time, warning bells should go off. It means a hacker already has your credentials! If you get a random Duo prompt, deny it and immediately contact the Technology Help Desk to reset your password and report the incident.

Tip: Use Duo’s “remember me for 24 hours” option. You will see fewer prompts, so a prompt you didn’t trigger stands out.

3. Don’t auto-forward messages to another account

Another significant risk occurs when Pitt email is forwarded to a different email provider, like Gmail. It may seem more convenient to read Pitt messages from a personal account you use frequently, but Pitt IT security controls are bypassed when you forward emails. Pitt IT has no visibility into third-party email services, and it can’t recall a message identified as malicious once it leaves Pitt email servers.

Don’t forward your Pitt emails. It is safest to keep your personal, private activity on a personal email account and your professional and academic activity on your Pitt account.

Tip: Add all of your email accounts to a preferred mail app, like Microsoft Outlook, so you can check them all in one place without actually forwarding emails.

4. Report suspicious emails

If you see something, say something. Don’t assume someone else has already noticed and addressed it. Promptly report any suspected incidents so that Pitt IT can quickly assess the situation, contain potential issues, verify the safety of other systems, and identify potential risks to sensitive information. Increased reporting enhances our ability to combat scams effectively — multiple reports of identical messages serve as a significant indicator of the scale of the threat.

Reporting works. Of the nearly 33,000 suspicious emails reported to Pitt IT during October to December 2023, nearly 84 percent were found to be malicious.

Tip: If you get a suspicious email, report it by forwarding it as an attachment to phish@pitt.edu.

Avoid the consequences of risky behavior

Despite Pitt IT’s automated phishing detection tools, malicious emails sneak through undetected. When people don’t follow cybersecurity best practices, those messages can proliferate and measures to mitigate the spread can be thwarted.

The consequences can be serious. Bad actors who get your username and password can lock you out of your account and use your credentials to access University data. They can also use your information to break into your personal accounts. If you’ve reused your Pitt password on third-party sites, or signed up for them with your Pitt email address, your risk goes up sharply.

In addition, if you click on a link in an identified malicious message, your account will be locked until you contact the Technology Help Desk to reactivate it. You’ll also be asked to complete a short phishing awareness refresher so you will be able to better recognize future attacks. Cumulatively, Pitt faculty and staff lose hundreds of hours a year in productivity in response to their interactions with malicious emails.

Karen Beaudway is a Pitt IT blogger.