While people are preparing for their next vacation, cybercriminals are looking for their opportunity to strike. Check Point Research warns about this and common phishing attacks related to summer vacations.
According to the research company, “In May 2023, the period running up to summertime, 29,880 new domains related to holidays or breaks were created. This represents a 23% year-over-year increase compared with the same period last year, when 24,367 new domains were created. Of those websites that went live, 1 in every 83 were either malicious or suspicious.”
They also observed several phishing campaigns with some examples of an approved vacation request for time off and a fake announcement on the annual and summer open vacation plan for this year.
Summer is here, which means cybercriminals will attempt to trick you into falling for their common tricks. Make sure to watch out for these warning signs:
- Emails that sound ‘too good to be true’ for an all-expense paid trip probably are
- Look out for domains that have any misspellings or additional letters
- If the URL doesn’t start with HTTPS, it’s most likely not legitimate
Ensure you stay safe this summer and ALWAYS Think Before You Click!
What has been reported to abuse@uthsc.edu this past week?
- [Ext] Uthsc EmaiI Service: REVIEW EXPIRE-Today – this phish was trying to steal the recipient’s NetID and password by having them click a link and log into a fake Microsoft site.
- IT DESK WARNING – from a compromised account from another UT campus, this phish used a sense of urgency that their email account would shut down unless they clicked a link to fix it.
- [Ext] Task – this phish is the start of a gift-card scam, pretending to be someone on campus asking another for a “favor”.
- Password Reset Request – another phish attempting to look like Microsoft wanting the recipient to click a link to “keep your password” which is against UTHSC policy.
- Chancellor Buckley Impersonation – this wasn’t actually an email, but the scammers tried to bypass UTHSC communications and go directly to people’s cell phones spoofing Dr. Buckley’s name in an attempt to ask for a “favor”.
- [Ext] INVESTMENT CO-OPERATION. – this phish is the classic “Nigerian Prince Scam” asking for help investing $23.5 million USD.
Keep reporting suspicious emails to abuse@uthsc.edu for examination. If you wish to report an incident to the Office of Cybersecurity, use TechConnect.