Credential phishing is a cyberattack where scammers trick you into revealing your login credentials, such as usernames (NetID) and passwords. These attacks typically come in the form of fake emails, text messages, or websites designed to look legitimate. These scams have increased over 700% in the second half of 2024.
Why Should You Care?
If attackers gain access to your credentials, they can:
- Steal sensitive information: Access your email, bank accounts, or UTHSC systems.
- Compromise your identity: Impersonate you to commit fraud or target others.
- Gain more access to your life: If you use the same password across multiple accounts, scammers will try those same email and password combinations on other platforms. This is called Credential Stuffing, which will be explained in next week’s tip.
How to Protect Yourself:
- Verify Links: Hover over links to check their actual destination before clicking.
- Be Skeptical: Watch for generic greetings, urgent requests, or unexpected attachments.
- Use Multi-Factor Authentication (MFA): Even if your password is compromised, MFA adds an extra layer of protection.
- Report Suspicious Activity: If the activity is related to UTHSC, forward the suspicious communication to abuse@uthsc.edu. If it concerns a personal account, contact the owner or business of that account, e.g., your bank, social media account, etc.
Staying vigilant can protect both you and UTHSC from significant harm!
Do you like these weekly tips? If you’ve missed some, are new to the university, or want to search for a tip on a certain topic, these are all stored in our Tip Archive.