Cyber criminals love to take advantage of the holiday season. People are busy and perhaps less vigilant—particularly given the volume of email advertisements and online transactions happening this time of year.
University IT security experts are reminding the campus community to be on guard against unexpected or suspicious email at all times—especially during the holidays. Delete messages that could be malicious, or contact a local IT person or the ITS Help Desk to verify messages before responding.
Here are a couple of key clues:
1. Watch out for those surprise too-good-to-be-true messages. If you did not make a purchase, buy a lottery ticket, or apply for a new job, chances are that the email you receive offering you all you ever dreamed of and more is a scam. The bad guys want to dupe you into giving up financial or other personal information, which they can then use to blast out spam, steal from you, or do other harm to your reputation.
2. Don’t fall for the urgent plea. Spam and phishing artists play on emotion in their messages, usually attaching some sort of urgency to the request. Examples:
- Pulling at your heartstrings with a request to send money to a friend or relative who has supposedly been stranded as a result of an unfortunate incident.
- Scaring you with an email alerting you that your account is close to exceeding its quota limit or that the account has been compromised. (The email then asks you to click on a link and log into a website to make sure you do not suffer an interruption of service.) By logging into such sites, you may unknowingly give out your Hawk or Healthcare ID and password, paving the way for the scammers to do just about anything they want, like changing your direct deposit information, skimming money off of your hard-earned paycheck, or using your email account to trick even more people by sending spam under your good name.
So how can you avoid the deception?
1. Drag suspicious email with graphics or images into your Outlook “junk” folder. Email in this folder is stripped of the images, often leaving behind the URLs you can easily scan to see if they are legitimate uiowa.edu addresses.
2. Always hover the mouse over links to be sure they are real university URLs before clicking them.
3. Do not willingly give out personal details before verifying the source of the email with your local IT support person or the ITS Help Desk. Remember, YOU have the responsibility and control to protect YOUR information!
4. Visit the following online ITS Help Desk resources as often as needed to develop and hone your ability to spot a scam:
- How to spot fake email addresses
- Understanding website names
- How to unmask concealed URLs
- How to spot deceptive internet addresses
- Forged email addresses
What if it happens to you?
The bad guys are getting better and better at coming up with new, convincing ways to trick people. Not all phishing emails are littered with misspelled words; some look quite professional, with official logos and institution-specific terms like ITS, HawkMail, or HawkID.
Unfortunately, there will be times when users "fall for it" and divulge personal information or click a link to an infected website that will download malware to exploit weaknesses in computer systems.
If you do happen to click a bad link or give out your info, the best thing to do is to contact a local IT person or the ITS Help Desk immediately. Don’t be too ashamed to call—it can happen to anyone, no matter how smart you may be. It’s very important to call in a pro to help before more damage can be done.