Archived Security News

This section contains archived news stories published from our information security office.

11.9.21: TEXT SCAMMING

Submitted By: David Zambri, Chief Information Security Officer

Subject: Be Vigilant About Scams

UCF students, faculty and staff were recent targets of a text messaging scam, and we want you to be aware of ways to protect your information.

Scammers may send you a text or email, often impersonating others at UCF, asking you to purchase gift cards for a special event. UCF will never ask you to do that. Do not click any links or respond to any messages or calls from these scammers.

These phishing attacks are the most common methods criminals use to scam, steal and infect systems with malware. Know how to spot a phishing attack, such as messages with a sense of urgency, pressure to click a link or open an attachment, or offers that are too good to be true.

Make it difficult for your accounts to be compromised. Set strong passwords that you immediately change if compromised, and never click on a link from a sender you do not know or trust.

Please be vigilant about suspicious emails and text messages and report anything that you believe to be unusual or malicious to SIRT@ucf.edu. Your vigilance can be a first line of defense against these attacks.

We appreciate you being on the lookout and helping to protect yourself, each other and UCF.

7.13.21: UCF EXPANDING MULTI-FACTOR AUTHENTICATION PROTECTION

Submitted by: UCF IT

Submitted for: UCF Information Security Office (InfoSec)

Subject: UCF Expanding Multi-Factor Authentication Protection

Multi-Factor Authentication (MFA), also known as two-step verification, requires users to verify their identity using two different credentials. These credentials fall into any of these three categories: something you know (like a password or PIN), something you have (like a smartphone or USB key), or something you are (like your fingerprint).

UCF InfoSec recommends enabling MFA protection on all your accounts that offer it. Did you know that MFAis available to protect your UCF email account (@ucf.edu email account and all of Microsoft 365 services, including OneDrive)?

WHY SHOULD I USE MFA?

Login credentials are more valuable than ever and are increasingly easy to compromise. Most breaches today involve compromised usernames and passwords. MFA enhances the security of your account by using a secondary key to verify your identity. This prevents anyone but you from accessing your account and data, even if they know your password.

HOW CAN I ENABLE MFA TO PROTECT MY ACCOUNT AND DATA?

You can submit a ServiceNow request to enroll your UCF Microsoft 365 account in MFAhere: https://ucf.service-now.com/ucfit?id=sc_cat_item&sys_id=ce6390d41b4da01065100feddc4bcbfd

Thank you for wanting to protect your account, your fellow Knights, and UCF!

WHAT CHANGES ARE COMING IN AUGUST?

If you are currently required to use MFA to sign on to myUCF, then on August 12 you will be required to use MFA to access your UCF email (@ucf.edu email account and all of Microsoft 365 services, including OneDrive).

All employees will use MFA to sign on to the UCF Enterprise Virtual Private Network (VPN).

WHAT DO I NEED TO DO?

If you already use Duo MFA, no action on your part is necessary. If you have not already enrolled in Duo, please visit the MFA KB article and scroll to the “How Do I Get Started” section that explains how to enroll: https://ucf.service-now.com/ucfit?id=kb_article&sys_id=3e87febbdbf0acd003f806d1ca9619d2.

IS MFA EASY TO USE?

Yes, there are several ways to obtain the secondary key when using MFA. UCF InfoSec recommends the easiest method: using the Duo application on a smartphone and the Duo Push notification method. When signing on the notification will appear on your smartphone, and with a few simple taps, you’re done!

To learn more about MFA at UCF, please visit https://infosec.ucf.edu/mfa.

Thank you,

UCF Information Security Office

infosec@ucf.edu

Twitter: @UCF_InfoSec

https://infosec.ucf.edu

———————

UCF will never send messages asking you to respond and provide personal information, login credentials, or passwords via email. You are not required, nor does UCF encourage or recommend providing your passwords and/or other secret login credentials to anyone claiming to represent UCF. Never respond to unsolicited email messages requesting your password, credentials, or other confidential information and never share your password with anyone. Regard all unsolicited messages with extreme caution and alert the Security Incident Response Team at SIRT@ucf.edu if a message appears suspicious.

7.13.21: STATUS PAGE ADOPTION

Submitted by: Scott Baron, Assc Director, IT Performance and Service Management

Submitted for: Michael Scruggs, Assc VP Deputy CIO & CTO

Subject: Statuspage Adoption

UCF Service Status Health Dashboard

We want to encourage the adoption and use of the UCF Service Status Health Dashboard. Over the past couple of weeks, the dashboard “opt in” status has increased by 20%.

The website provides updates regarding the status of critical services for the UCF community. It can be found at the following address: https://status.ucf.edu/. Currently this dashboard is primarily IT focused, however various departments are starting to add other critical university systems and services to this dashboard. These areas can include but not be limited to; IT, Facilities, Research, Data reporting & analytics, websites, etc.

We encourage you to visit the dashboard and click the “Subscribe to Updates” button to receive immediate notifications of service disruptions that may impact you. For step-by-step instructions, use the following link to guide you: https://ucf.service-now.com/kb_view.do?sys_kb_id=fa9cf4c71b30b010caa8997a234bcbc8). Please take notice of being able to subscribe to both text and email notifications.

For any additional questions or support, please contact the UCF Support Center at 407-823-5117.

Thank you.

7.6.21: UCF INFOSEC TIPS – PROTECTING YOUR ACCOUNTS AND UCF DATA

Submitted by: UCF IT

Submitted for: UCF Information Security Office (InfoSec)

Subject: UCF InfoSec Tips – Protecting Your Accounts and UCF Data

UCF InfoSec would like to remind employees of the importance of information security. We are all responsible for ensuring the security of our UCF accounts, the university’s technology resources, and the data UCF collects, processes, and stores. Phishing and ransomware remain significant threats to educational institutes, and we must remain vigilant to guard against these threats.

1. How can I protect my accounts?

• Set a strong, unique password for each account and never share your password with anyone

• Enable Multi-Factor Authentication (MFA) on all accounts that support it. Learn how to enable MFA on your UCF Microsoft 365 email: https://infosec.ucf.edu/mfa

• Before entering your username and password on a site, closely examine the website address to ensure it’s legitimate

2. How can I protect UCF data?

• Review UCF Policy 4-008 and be sure you know what Restricted and Highly Restricted data is, how it can be protected, and where it can be stored: https://policies.ucf.edu

• Do not store university data on personal devices or personal cloud storage

• Always use the UCF VPN whenever accessing sensitive UCF data while off campus: https://ucf.service-now.com/ucfit?id=kb_article&sys_id=3ec34f471b3b48d05cd6b912cd4bcb74

• When working with university data, make sure you are in an area where others cannot view your device screen or access printed materials

• Do not use personal devices or personal email to conduct university business

3. What is ransomware and how can I guard against it?

Ransomware is a type of malicious software (malware) that encrypts data on a system to prevent you from accessing it unless you pay a ransom. In some cases, it also sends a copy of the data to the cyber criminals, who will then threaten to release sensitive data publicly unless the ransom is paid.

Ransomware is nothing new, but we’re hearing about it in the news because it’s become so profitable to cyber criminals around the world. You can help protect UCF from suffering a ransomware attack by taking the following steps:

• Don’t take the bait: phishing attacks are the most common methods cyber criminals use to infect systems with malware. Know how to spot a phishing attack, such as emails with a sense of urgency, pressure to click a link or open an attachment, or offers that are too good to be true. Report suspicious emails using the Phish Alert Button: https://infosec.ucf.edu/awareness/phish-alert-button/

• Secure your accounts: don’t make it easy for the cyber criminals to compromise your accounts. See the tips above to protect yourself, and if you believe your password has been compromised, change it immediately.

• Secure your systems: make sure your devices are up to date and running an anti-malware solution. Enable automatic updating whenever possible. Your IT support will manage this for university-owned devices.

These steps can help you protect your systems from malware, both at work and at home. UCF InfoSec is here to help you with any information security concerns you may have. If you have any questions, please contact us at infosec@ucf.edu.

Thank you,

UCF Information Security Office

infosec@ucf.edu

Twitter: @UCF_InfoSec

https://infosec.ucf.edu

6.28.21: UCF INFOSEC ALERT – PHISHING ATTACK TARGETING UCF EMPLOYEES

Submitted by: UCF IT

Submitted for: UCF Information Security Office (InfoSec)

Subject: UCF InfoSec Alert – Phishing Attack Targeting UCF Employees

UCF InfoSec has been made aware of a phishing message recently sent to UCF employees. Below are the details:

From: Karen Hickey

Subject: Fw: Employee support program

The message claims that UCF will provide financial assistance for employees impacted by the COVID-19 pandemic and asks recipients to click a link to register.

This message is fraudulent, and clicking the link or providing personal information may lead to financial loss or account compromise.

If you received such an email, please report it using the Phish Alert Button within Outlook.

If you clicked the link and provided any sensitive information (e.g., credit card numbers, Social Security number, etc.), notify the Security Incident Response Team by submitting a Service Now ticket: https://ucf.service-now.com/ucfit?id=sc_cat_item&sys_id=8b37a93b4fe2a6005af423d18110c7d5&sysparm_category=74a5d6564f0cb2005af423d18110c76a&catalog_id=-1 .

Thank you,

UCF Information Security Office

infosec@ucf.edu

Twitter: @UCF_InfoSec

https://infosec.ucf.edu

6.3.21: UCF INFOSEC ADVISORY – SPEAR PHISHING CAMPAIGNS TARGETING GOVERNMENT AND NON-GOVERNMENTAL ORGANIZATIONS

Submitted by: UCF IT

Submitted for: UCF Information Security Office (InfoSec)

Subject: UCF InfoSec Advisory – Spear Phishing Campaigns Targeting Government and Non-Governmental Organizations

UCF InfoSec would like to make the UCF community aware of a joint CISA / FBI advisory regarding a recent spear phishing campaign. Unlike phishing messages that are generic, spear phishing attacks are often targeted to specific organizations or individuals and can be very difficult to spot. Spear phishing messages use content that’s relevant to you and may include information about you, your employer, or a company with which you’ve done business in an effort to appear legitimate.

From the CISA / FBI advisory:

CISA and the Federal Bureau of Investigation (FBI) are responding to an ongoing spear phishing campaign targeting government organizations, intergovernmental organizations, and non-governmental organizations. A sophisticated cyber threat actor leveraged a compromised end-user account from Constant Contact—a legitimate email marketing software company—to spoof a U.S. government organization and distribute links to malicious URLs.

View the advisory here: https://us-cert.cisa.gov/ncas/alerts/aa21-148a

UCF InfoSec reminds you to stay vigilant when reviewing messages. Regard any unexpected emails with suspicion, especially those that contain language to convey a sense of urgency or threaten you with consequences if you fail to take action, such as clicking a link or opening an attachment.

You can help protect UCF by using the Phish Alert Button to report any suspicious emails to the Security Incident Response Team. If you have any questions about information security, contact us at infosec@ucf.edu – we’re here to help.

Thank you,

UCF Information Security Office

infosec@ucf.edu

Twitter: @UCF_InfoSec

https://infosec.ucf.edu

———————

4.26.21: UCF INFOSEC TIPS – SCAMS IMPERSONATING UNICEF TARGETING UNIVERSITY STUDENTS

Submitted by: UCF IT

Submitted for: UCF Information Security Office (InfoSec)

Subject: UCF InfoSec Tips – Scams Impersonating UNICEF Targeting University Students

UCF InfoSec would like to warn the UCF community of scams targeting university students. Scammers are sending students emails that appear to come from other students, offering an internship or part-time employment with UNICEF. The scammers usually mail checks to the students, claiming that these checks contain their first paycheck and additional funds allegedly intended to purchase items for foster homes or orphanages on behalf of UNICEF.

These checks are fraudulent, and following the scammer’s instructions could result in financial loss. This scam fits the style of overpayment scams we’ve seen in the past.

1. How does the scam work?

Once the victim responds and provides personal information, the scammer sends a check and asks that a portion of the funds be sent to a different financial account. Sending money via a payment app or wire transfer is almost instantaneous, but it may take several days for the bank to process the check. By the time the bank notifies the victim that the check is fraudulent, the victim’s money and the scammer are gone.

2. How can I avoid becoming a victim?

If you did not apply for a job, view any messages promising one with suspicion. Remember, an unsolicited offer of employment may be a scam if it:

* offers to send you a check and requests that you wire back a portion of the funds; don’t be fooled just because they’re sending you a check first!

* sends an offer to your Knights email but requires you to respond using your personal email.

* promises large income for minimal work.

3. How can I protect my account and my fellow Knights?

Scammers prefer sending these scam and phishing messages from other student accounts to make them appear more legitimate. Making sure your Knights email password isn’t used for any of your other accounts, and enabling Multi-Factor Authentication (MFA), can make it more difficult for scammers to compromise your account and use it to send phishing emails. Learn more about MFA here: https://infosec.ucf.edu/mfa .

4. How can I report these phishing emails?

If you receive such an email, report it to the UCF Security Incident Response Team by forwarding it as an attachment to SIRT@ucf.edu . By reporting it, you’re helping us stay aware of the threats targeting our community so we can respond accordingly.

To learn more, please see https://www.unicef.org/careers/beware-fraudulent-job-offers and https://infosec.ucf.edu/scam . Please inform your fellow Knights, friends and family to help protect themselves against cyber threats and predatory scam artists.

Thank you,

UCF Information Security Office

infosec@ucf.edu

Twitter: @UCF_InfoSec

https://infosec.ucf.edu

———————

4.20.21: INFOSEC TIPS – DEALING WITH THE FACEBOOK DATA BREACH

Submitted by: UCF IT

Submitted for: UCF Information Security Office (InfoSec)

Subject: UCF InfoSec Tips – Dealing with the Facebook Data Breach

As you may have read in the news, Facebook announced it was breached in 2019 with the personal records of over 500 million Facebook users acquired by cyber criminals. Those 500 million records were recently publicly released, enabling anyone in the world to potentially access them. If you had a Facebook account on or before 2019, your data may have been included in that breach and released publicly. Examples of your information that could have been released include your name, home address, phone number, email address, birth date, or any other information you provided to Facebook.

One way to check and see if your information was released is to visit https://haveibeenpwned.com and submit the email address you use(d) for your Facebook account.

If you are concerned your data was obtained and released, here are several steps you can take to protect yourself:

* Change the password you use for Facebook. This new password should be strong and different than any other password you use for any other account.

* Set a unique password for each of your accounts. UCF InfoSec strongly recommends using password managers to keep track of your account passwords.

* Wherever possible, enable Multi-Factor Authentication (often called 2FA, MFA, also two-factor, multi-factor, or two-step verification) on your accounts, especially for your email account and any financial accounts.

* Protect your privacy by being very careful about what information you share with any websites. Always assume any website you have an account with can be hacked and your data stolen, or that your information will

be sold or shared with other companies.

* Realize that you can do only so much to protect your data. Because so many other companies and organizations collect, share, and sell your data, you must assume cyber criminals already know a great deal about you.

This means they can use your personal information to trick or fool you into making a mistake, using a technique called Social Engineering. Just because someone calls you and knows your birth date does not prove they are from your bank or the government. Just because someone emails you with personal details, such as your phone number, home address, or even a password you’ve used, does not mean they are really who they claim to be. Be very careful and suspicious of emails or phone calls asking you to share personal information, such as your password, bank account or credit card, or pressuring you to take actions that seem odd or suspicious (such as paying a fine).

UCF InfoSec is here to help you keep your digital identity secure. Review the resources available on our site at https://infosec.ucf.edu and, if you have any questions, contact our office at infosec@ucf.edu.

Thank you,

UCF Information Security Office

infosec@ucf.edu

Twitter: @UCF_InfoSec

https://infosec.ucf.edu

———————

4.22.20: INFOSEC ALERT: EXTRA VIGILANCE TO SECURE YOUR ACCOUNTS DURING COVID-19

Submitted by: Information Technologies and Resources

Submitted for: UCF Information Security Office

Subject: Extra vigilance to secure your accounts during COVID-19

The UCF Information Security Office (InfoSec) wants to help you keep both your personal and work accounts secure. It is more important than ever to stay on guard against information security threats.

Cybercriminals are determined to take every opportunity that will give them any advantage when it comes to phishing and scams. Security researchers have found that phishing attacks worldwide increased over 600% last month. As a result of the current pandemic’s impact on our daily lives, and the increased volume of phishing attacks, we need to be at a heightened state of alert.

Whether it’s your personal or work account (or one belonging to a colleague, friend, or family member), a compromise can have a significant impact on your life. To mitigate the cyber risks from phishing, we will be continuing our simulated phishing campaigns. Please refer to our site and review the video to understand why, especially now, this is so important: https://infosec.ucf.edu/awareness/phishing/simulated-phishing-campaigns/.

1. Examples of malicious activity attempting to exploit the Coronavirus pandemic include:

– Selling fake tests or cures: scammers have been marketing fake “cures” or “test kits” that are unreliable at best;

– Impersonating health organizations to try to get you to click on a link, visit a website, open a malicious attachment, or share sensitive information;

– Setting up fake Coronavirus news and information websites to install malware, steal your login credentials, or bank account information;

– Seeking donations for fraudulent charities.

2. The following steps will help you protect your accounts. Please feel free to share these tips with family and friends to help them stay secure:

– Enable Multi-Factor Authentication (MFA) on all accounts that offer it;

– Regard emails that claim to offer Coronavirus information with skepticism;

– Closely examine links in emails to make sure they’re taking you to the expected site, and when in doubt, visit the website using your bookmarks or by typing the address into your web browser;

– Only use trusted sources, such as government websites, for Coronavirus information;

– Never provide your personal information, including Social Security Number, password, or banking information over the phone or email;

– Always verify a charity before donating: for more information, refer to the FTC’s website here: https://www.consumer.ftc.gov/articles/0074-giving-charity .

InfoSec is here to help you stay secure during this difficult and unprecedented time. If you have any questions, please contact us at infosec@ucf.edu. Thank you for remaining vigilant and helping to keep UCF and yourself secure.

Thank you,

UCF Information Security Office

infosec@ucf.edu

infosec.ucf.edu

———————

4.14.20: INFOSEC ALERT: CYBERATTACKS INCREASING DURING CORONAVIRUS PANDEMIC

Submitted by: Information Technologies and Resources

Submitted for: UCF Information Security Office

Subject: UCF InfoSec advisory: Cyberattacks increasing during Coronavirus pandemic

Cybercriminals are taking advantage of financial concerns and the increase of remote work during this difficult time. Security researchers are seeing an increasing volume of financial scams, wireless router attacks, and phishing messages.

1. Financial scams

Attackers are sending phishing emails impersonating major financial institutions claiming to have received the recipient’s stimulus check. Recipients are asked to verify their account information to receive the funds. These messages may use a deadline to give victims a sense of urgency.

If you receive an email claiming to be from your bank, refer to the contact information listed on your account statements or bank card instead of clicking on any links. For more information on the economic impact payments, please see the IRS website: https://www.irs.gov/coronavirus-tax-relief-and-economic-impact-payments.

2. Wireless router attacks

Cybercriminals are targeting home wireless routers to send victims to fake Coronavirus-themed websites. Attackers gain access to the router by brute forcing admin passwords. Once in, they change the router’s domain name system (DNS) settings to redirect victims to malicious websites.

If you attempt to visit a website but find yourself redirected to a site offering Coronavirus information apps to download, you may be affected. Follow these steps to resolve the issue:

– Change your router’s administrator password to a new, complex password.

– Check your wireless router’s DNS settings and remove any servers you did not add. Refer to your router manufacturer’s website for instructions.

3. Phishing

Cybercriminals have ramped up their phishing attacks. It is critical that you remain vigilant and cautious when receiving emails that ask you to take action. Closely examine links and the email address of the sender in emails and do not open attachments you weren’t expecting.

4. How can I protect myself and UCF?

– Make sure your wireless router is running the latest firmware provided by the manufacturer.

– Set a unique, complex administrator password on the router.

– Avoid downloading software from unknown sources.

– Ensure you are running up-to-date antimalware software on your devices.

– Use the UCF VPN any time you need to connect to your office computer: https://secure.vpn.ucf.edu/

– View any emails or websites claiming to offer Coronavirus updates with suspicion.

– Contact the sender via a trusted phone number to confirm messages before opening attachments.

– Forward suspicious emails to mailto:SIRT@ucf.edu and use the Phish Alert Button to report phishing attempts: https://infosec.ucf.edu/awareness/phish-alert-button/.

If you have any questions, please contact the Information Security Office at infosec@ucf.edu. Thank you for remaining vigilant and helping to keep UCF and yourself secure.

Thank you,

UCF Information Security Office

infosec@ucf.edu

infosec.ucf.edu

———————

2.21.20: INFOSEC ALERT: CORONAVIRUS PHISHING EMAILS

Submitted by: Information Technologies and Resources

Submitted for: UCF Information Security Office

Subject: InfoSec Alert: coronavirus phishing emails and gift card scams

The Information Security Office is alerting the UCF community about recent scams being reported by security researchers.

Coronavirus phishing messages:

Cyber criminals are taking advantage of widespread press coverage of the coronavirus outbreak to prey on unsuspecting people by crafting phishing emails to increase the chance of spreading malware and stealing your personal information. These phishing emails are designed to appear as if sent from health officials or agencies such as the Center for Disease Control and Prevention.

Some versions of these emails suggest clicking a link to view information about “new coronavirus cases around your city.” Other versions suggest downloading an attached PDF file to “learn about safety measures you can take against spreading the virus.” Do not click on these malicious links, which will bring you to a webpage designed to steal your personal information. Downloading an attached file may infect your computer with malware.

In Outlook, use the Phish Alert Button to easily report any phishing messages you receive. For more information, please visit https://infosec.ucf.edu/awareness/phish-alert-button/ .

Thank you,

UCF Information Security Office

infosec@ucf.edu

infosec.ucf.edu

———————

2.14.20: ENHANCED & DOCUMENTED VRM WORKFLOW

All software and technology solutions that stores or processes data outside of UCF (“in the cloud”) will need to go through the full VRM review process. Additionally, it is assumed all employees are aware and in compliance with applicable institutional requirements across the research, education and clinical missions. For more details, please visit our Software Vendor Review page.

Software Vendor Review

1.2.20: KNOWBE4 SECURITY AWARENESS

In addition, as part of our shared commitment to deliver a secure computing environment and defend against sophisticated information security threats, HealthIT in collaboration with the University’s Information Security Office, will be providing security reminders and awareness training through an online training platform provided by our awareness vendor, KnowBe4.

Training will cover topics ranging from spam, phishing, spear phishing, malware and social engineering mechanisms, and the like. Please be on the lookout for an e-mail from KnowBe4 in the upcoming weeks so you can complete the training.

Completion of this training is not mandatory but highly encouraged as it will provide relevant and up to date information about threats that we all may come across.

7.1.19: DIGITAL SPONSORED ACCOUNT REQUEST FORM – NOW AVAILABLE

7.1.19: NEW DATA CLASSIFICATION CHECK IN CONTRACT REVIEW PROCESS