It is not uncommon to receive phishing emails. We’ve talked about them in the past, but this week’s tip is a list of the most common phishing subject lines you need to look out for. By no means do we say these are the ONLY phishes out there, but read more for the list and see if you’ve gotten any, whether in your UTHSC email or your personal accounts. If you receive anything suspicious in your UTHSC email, forward it to abuse@uthsc.edu for examination.

If you are on Facebook, you’ve probably seen a post tagging people you know stating “I can’t believe he is gone. I’m gonna miss him so much.” The post contains a link to a news article or video, but when you click the link, you are taken to a web page that prompts you to log in to Facebook. If you enter your information, you are taken to an unrelated page. No news article exists, but scammers have just stolen your Facebook credentials using a phishing attack. Then they turn around and use those credentials to send that fake post to your family and friends, hoping to get their credentials. Read more to learn why they do this and how to protect yourself.

UTHSC received a huge amount of phishing emails in December 2023, about 500% more than normal. Only 3.5% made it to peoples’ inboxes, but we are a target. You must stay aware of how the scammers are trying to get in to safeguard your devices, whether UTHSC-owned or personally owned. General rules – 1) be wary of unsolicited emails, especially those requesting sensitive information or urgent action, 2) verify the legitimacy of emails by checking the sender’s address, and 3) avoid clicking on suspicious links. #BeCyberSafe

Ever get a call from someone claiming to be tech support, urgently needing your password to “fix” a problem? Beware! This is a classic phishing scam aimed at stealing your login credentials. the UTHSC ITS Service Desk, along with any other reputable tech support (from your bank, computer manufacturer, Microsoft, etc.), will never ask for your password over the phone. Read more to learn what to do about these scams.

You’ve been taught how to spot a phish. You’ve probably seen enough of them in your inbox that you are pretty confident one won’t get past you. You are suspicious (which is a good thing). But cybercriminals are getting better at delivering credible communications. Read more to learn how phishing is evolving and new signs and trends.

Oftentimes, cybercriminals gain access through in-house negligence — hence, awareness is key. Teach those who hold sensitive information to recognize suspicious links, the role of strong password measures, and regular software updates, among other relevant factors. Notably, a strong defense starts with educated vigilance. Read more for tips on educating your family or team on cybersecurity.

If you missed the tip of the week last week, you were not alone! We want to update everyone on the types of scams you will encounter this holiday season, so we updated our Holiday Scams page (https://uthsc.edu/its/cybersecurity/holiday.php) for up-to-date information. #BeCyberSafe

You can buy a small padlock for less than a dollar—but you shouldn’t count on it to protect anything of value. A thief could probably pick a cheap lock without much effort, or simply break it. And yet, many people use similarly flimsy passwords to “lock up” their most valuable assets, including money and confidential information. Check out the SPAR Passwords page (https://uthsc.edu/its/cybersecurity/passwords.php) for an explanation of why strong, unique passwords matter, along with some graphics and videos if you don’t like to read a lot of words. #BeCyberSafe