Published: Dec. 14, 2016

Our campus is constantly under attack by a barrage of attempts to steal personal information, often referred to as phishing. These attacks frequently come during holidays or breaks when campus IT support is unavailable. Even when you cannot contact the IT Service Center, there are still clues and resources to help you figure out if the e-mail you have received is legitimate or a phishing attempt.

The most important thing to remember is that the university will never send e-mail asking for your private data (e.g. passwords, SSNs, credit card numbers). You should be suspicious of messages that direct you to provide this information. In fact, a good rule of thumb is that if you think it might be a phishing attempt, it probably is.

The Office of Information Technology compiles reported phishing attempts on its Phishing E-mails page. You can contribute to this catalog by reporting messages that you believe might be phishing attempts by following the steps on the Report Suspicious Messages page. Although the university uses technology to block malicious e-mails and phishing websites, this technology is no substitute for being a conscientious Internet user.

So how do you stay safe? Here are some quick tips:

  • Be suspicious of attachments and unexpected email messages.
  • Use antivirus software to scan anything that you receive in your email.
  • True company-based emails never send attachments.
  • Make sure the link actually goes to the company's site and not a spoofed one!
  • Be careful about clicking on embedded web links in email.
  • Be cautious about web sites you visit.
  • Don't enter sensitive information on a site you don't trust.
  • Make sure online transactions are actually secure (look for the lock on the bottom right of your browser window).
  • Don't just click on a link; copy it into your web browser and open it that way. That even includes OIT links in the emails we send! Online criminals can hijack your web session and take you somewhere else that may only look like the site you intend to visit.
  • Don't click on pop-ups or ads.
  • Be wary of emails asking for personal or financial information.
  • Use VPN (Virtual Private Network) - CU-Boulder faculty, staff, and students have access at no cost.
  • Keep your operating system and antivirus software up to date so that your computer can help you in the fight.
  • Don't let your browser be "helpful" by allowing auto fill-out of forms.
  • Use common sense. If it sounds weird or too good to be true, it probably is!
  • Be wary of unsolicited technical advice.
  • Remember, email messages shouldn't be considered secure. Because email can be forwarded to anyone, consider the messages you send public information.
  • Always remember to log off when connecting to secure web sites. If you do not, the next user of the computer may have access to your data.
  • Public computers may not always be securely configured and can pose a threat to your privacy by storing your password or web cookies. Think twice about going to a secure site if you cannot verify the security of the computer.

More information about phishing and how to stay out of harm's way is on the OIT Security Awareness site. Find a list of IT resources and holiday hours on the OIT website.