Author: Laurie Neal

Report to Thwart Phishing Attacks and Other Steps to Prevent Harm

Phishing scams are a daily threat experienced at UConn. If you receive an email that appears to be out of the ordinary, do not click on links, open attachments, or respond to the sender.

How to report

Please report suspicious emails by clicking Outlook’s “Report” button in the upper right-hand corner of the email. Your reporting efforts play a crucial role in UConn’s ability to detect and respond to threats.

How to build vigilance within our community

Please talk about phishing with others! Take a minute to discuss phishing with a coworker or student. A simple conversation can go a long way to encourage a fellow husky to use their critical thinking skills the next time an email doesn’t sit quite right. Your efforts may not only prevent a successful attack on UConn information and systems, but can also prevent a member of the UConn community from personally becoming a victim of phishing.

Here are a few ideas to start the conversation:

  1. What is the most bizarre (or most convincing!) phishing email you recall receiving?
  2. What are some of the foreseeable consequences of a successful phishing attack?
  3. What are some feelings a person may have experienced if they were a victim of a scam?
  4. What are ways we can better detect attempts at deception?
  5. Have you ever brought up the dangers of phishing at the dinner table? Why or why not?

What to do if…

If you acted upon instructions from a phishing email that results in you entering your NetID credentials into an illegitimate website, please update your password at netid.uconn.edu. 

If you believe you were financially defrauded by the phishing actors or were asked to carry out financial transactions on their behalf, you are encouraged to make a report of the activity to the UConn Police or your local police department.

Tax Season Phishing Scams

Tax season is upon us, making it an opportune time for scammers to attempt to defraud you. Cybercriminals frequently disguise themselves as Payroll offices/officials by sending emails that contain calls for action, such as requests for you to verify tax information, update direct deposit accounts, print and cash checks, and/or visit a website that is not owned by UConn or the State.
Continue reading

Duo: Sound the Alarm

Users play a crucial role in defending against cybercriminals. When your password is stolen, a hacker will try to use it to gain unauthorized, criminal access to University protected systems and information. Duo serves as a second line of defense, but only with your help. Hackers will attempt to trick you into authenticating a login on their behalf.  We’re sharing common attacks to be aware of, how to detect them, and what to do if you are subject to an attack.
Continue reading

How to Catch a Thief with Duo

“Credential thieves” find ways to steal usernames and passwords all the time. Whether a thief tricks you into providing your login information, or they hack a system, once a bad actor has what they need, your information and entire systems are at risk.

Duo, the multi-factor authentication application used at UConn, can stop a thief in their tracks, but only with your help. Duo serves as your second line of defense against unauthorized access (good passwords are your first)! After you enter your password, you then authenticate with Duo, verifying your identity for a second time. If you EVER receive a prompt from Duo that you DID NOT initiate, you must deny that prompt because this is an indicator that your credentials are compromised. When you deny Duo, you are catching the credential thief in the act, and blocking them from taking further action. It is common for these thieves to enter your credentials multiple times in hopes that you become “fatigued” from the notifications and just approve a Duo push out of frustration and annoyance.

A legitimate Duo push tells you what services you are attempting to log into, such as UConn 2FA Single Sign On, and the approximate location of the access request. If you did not initiate a login, and you randomly receive push to your phone, or come across a page requesting a Duo token/code, follow these steps to protect your account:

  • Deny the Duo prompt.
  • If asked by Duo if the activity is suspicious, press yes.
  • Visit https://netid.uconn.edu/ to change your password.

You must change your password if you experience suspicious activity, such as an unauthorized Duo notification, because it means your credentials are compromised. Passwords are the first line of defense, but they only offer protection if they are hard to crack and known by only you. Follow these password practices to hinder credential theft from the start. And remember to NEVER approve a Duo push or enter Duo codes when you did not initiate a login.

Employment Scams

Have you received an unsolicited job offer? Cybercriminals target students promising jobs and compensation.  Often sent via email, students are routinely offered fake employment opportunities that are designed to steal your money, or lead to other harmful consequences.

Common signs of employment scams:

  • An e-mail that states “Message sent from a system outside of UConn” despite the email appearing to be sent from an @uconn.edu email account.
  • An offer for a job opportunity you did not apply for.
  • A request for you to deposit a check on behalf of the “employer.”
  • A request for you to share your information.
  • A requirement that you contact the “employer” to continue the “hiring” process over text or phone.

Tips to avoid being scammed:

  • Be skeptical of scammers posing as UConn officials; even when the email appears to come from a @uconn.edu emails address, you must be cautious as cybercriminals can imitate UConn email accounts.
  • Review the company’s online presence. Does the company have a website? Do they have contact information easily available?
  • Do not send money to a company that wants to hire you. A legitimate company will never ask you to pay them.

Concerns?

If you receive an e-mail that you suspect is an employment scam, do not engage with the sender. If you have ever engaged with the malicious actor and believe you have been defrauded, please report the matter to the police.

Remember, if an offer is too good to be true… it probably is.