- Author: Jaki Hsieh Wojan, Chief Information Security Officer
Phishing emails are the most common way cybercriminals attempt to gain access to an organization's systems. Spam filters will catch many of these emails, but your trained eye can easily spot the rest. Here are some tips to help you spot a phishing email and keep ANR safe from malicious actors.
Below is a suspicious email received by an ANR employee this week. The employee noticed the email seemed off and sent it to IT. Great job at spotting the phish!
- Check the sender
This may be a legitimate UC Davis email account, but it seems weird that a random person at UC Davis would send notification of an Office 365 termination to an ANR employee. If there were an issue with an Office 365 account, notification would likely come from ANR's IT, not directly from UC Davis. Additionally, if the email sender is someone you don't know and don't normally communicate with, keep your guard up.
- Subject line
In our example above, the subject line is blank. For an email notifying someone of account termination, there should be a formal subject line. This is a red flag.
- Poorly written
You can often tell if an email is a scam if it contains poor spelling and grammar.
A notification of account termination would be formal and checked for spelling errors and poor grammar. Informal emails on serious subjects containing awkward grammar and misspelled words are likely phishing attempts.
- Suspicious links
Whenever a link is sent in an email, use your mouse to hover over the link to see where it really leads. If a hyperlink address does not match the address text, it is most certainly a phishing attempt.
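For IT staff triaging a reported message, the hover check can be automated. The sketch below is an added example, not part of the original article: it parses an HTML email body and flags links whose visible text is a web address on a different host than the real target. The sample message and the names `LinkCollector`, `host_of` and `mismatched_links` are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample email body (not the message discussed in this article).
SAMPLE_HTML = """
<p>Your Office 365 account will be terminated.</p>
<a href="http://login.example.net/verify">https://office.example.com/account</a>
<a href="https://help.example.org/faq">https://help.example.org/faq</a>
<a href="http://198.51.100.7/reset">Click here to keep your account</a>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None   # None means "not currently inside an <a>"
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):
    """Return the lowercase hostname if value looks like a URL, else None."""
    if "://" not in value:
        value = "//" + value          # lets urlparse handle "www.example.com"
    host = urlparse(value).hostname
    return host.lower() if host and "." in host else None

def mismatched_links(html):
    """Return (text, href) for links whose text names a different host."""
    parser = LinkCollector()
    parser.feed(html)
    flagged = []
    for href, text in parser.links:
        # Only text that is itself an address can contradict the href.
        shown = host_of(text) if " " not in text else None
        actual = host_of(href)
        if shown and actual and shown != actual:
            flagged.append((text, href))
    return flagged
```

Links with ordinary wording such as "Click here" are not flagged by this check, so their targets still need to be read by a person.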
Use these tips to help identify phishing emails. When in doubt, don't click a link in an email; reach out to IT or your unit director to verify the email's legitimacy.
- Author: Pamela Kan-Rice
UC was one of more than 100 institutions targeted by a nationwide cyber-attack. As a result, certain university data was accessed without authorization. Protecting the UC community remains the university's top priority. Visit UCnet's Accellion data breach page to learn how to protect yourself, find answers to your questions, and get more information on how you can access free credit monitoring and identity-theft protection.
You can also contact an Experian call center dedicated to the UC breach at (866) 904-6220.
The Substitute Notice of Data Breach was updated on May 21. The FAQs for the Accellion incident are frequently updated so please check https://ucnet.universityofcalifornia.edu/data-security/updates-faq/index.html regularly.
- Author: Pamela Kan-Rice
UC is one of several institutions targeted by a nationwide cyber attack on Accellion's File Transfer Appliance (FTA), a vendor service used for transferring sensitive information. This attack has affected approximately 300 organizations, including universities, government institutions and private companies. In this incident, the perpetrators gained access to files and confidential personal information by exploiting a vulnerability in Accellion's program.
You may register with Experian IdentityWorks for credit monitoring services, using the enrollment code JCZGTC333. If you have already registered, there is no need to take any further action to activate your monitoring.
UCOP has published FAQs in both English and Spanish and is adding to and updating the list as more information becomes available: https://ucnet.universityofcalifornia.edu/data-security/updates-faq/accellion-faq.html. These FAQs address more questions from the community, including questions about the Experian notifications.
UCOP has added recorded webinars about ways people can protect themselves to https://ucnet.universityofcalifornia.edu/data-security/index.html, in both English and Spanish.
UC regards the privacy of all of our community members with the utmost seriousness. We will keep the UC ANR community updated as we learn more and are able to share additional information.
UC has learned that it, along with other universities, government agencies, and private companies throughout the country, was recently subject to a cybersecurity attack. The attack involves the use of Accellion, a vendor used by many organizations for secure file transfer, in which an unauthorized individual appears to have copied and transferred UC files by exploiting a vulnerability in Accellion's file transfer service.
Upon learning of the attack, UC immediately reported the incident to federal law enforcement, took measures to contain it, and began an investigation. At this time, we believe this attack only affected the Accellion system and did not compromise other UC systems or networks.
UC's investigation includes a review of the files we believe may have been copied and transferred as part of this attack. Upon completion of our review, we should be able to better assess the data and individuals impacted. Once we can identify affected individuals, we will notify them and provide information regarding additional next steps.
We understand those behind this attack have published online screenshots of personal information, and we will notify members of the UC community if we believe their data was leaked in this manner.
Watch out for suspicious emails
We believe the person(s) behind this attack are sending threatening mass emails to members of the UC community in an attempt to scare people into giving them money. The message states:
“Your personal data has been stolen and will be published”
By their nature, these kinds of attacks are very broad and somewhat imprecise. Accordingly, some UC community members receiving these threatening emails will not have had their data compromised, while other community members with compromised data may not receive any email.
Anyone receiving this message should either forward it to your local information security office or simply delete it.
Important reminders about protecting yourself, and UC
We remind all members of the UC community to not click on links or open attachments unless you know and trust the sender.
In addition, you may wish to take the following steps to protect your information:
- Consider taking additional identity theft measures described at https://www.identitytheft.gov/databreach
- Place a fraud alert with one of the three nationwide credit bureaus:
- Place a security freeze on your credit report by making a request to the three credit bureaus.
UC regards the privacy of all its community members with the utmost seriousness. We will update the UC community as we are able to disclose additional information.
Related reading:
Five rules for protecting your security online