It is December 21st as I’m writing this. Over the past week I have received emails “from” Kent Fuchs, the UF IT Email Team, The UF Help Desk, Google Docs, and others. None of those emails was legitimate, but they are a sign that UF is under siege from bad guys that are attempting to steal our login credentials via phishing emails.
What is phishing?
Phishing is the activity of attempting to obtain sensitive information, including usernames and passwords, by disguising as a trustworthy entity in an electronic communication. Over the past two years, these Phishing Attacks have become more sophisticated, even to the point of impersonating the UF President. These phishing emails will usually include a link to a web-page that will ask for your UF login credentials and some of those pages look like the real UF login page.
Why would the bad guys want YOUR login credentials?
Believe it or not, your UF login credentials are a high value target. A person with your UF credentials could access the My.UFL portal to gain additional personal information that can be used for identity fraud. Even worse, there has been at least one incident at UF where an individual had their direct-deposit bank routing information changed.
How can you protect yourself?
First and foremost, never share your login credentials. It is against UF policy to share your credentials and no IT staff will ask for your password.
Second, if you are ever redirected to a link that asks for your GatorLink Login, do not enter your credentials unless you see the text login.ufl.edu in between the https:// and the first “/”.
Third, if in doubt, you can check the IT Alerts Dashboard to see if the email you received was a phishing scam that has been announced.
What should you do if you get a Phishing email?
If you get a phishing email, please forward a copy to firstname.lastname@example.org; you do not need to forward the email to anyone in CLAS IT.
CLAS IT plans to deploy a “Phishing” button for Microsoft Outlook 2016 in the spring. Once deployed, you will be able to simply click on the button when you receive a Phishing email.
For more information on Phishing, please see the UF Information Security page.