草榴社区 (UAH), part of The University of Alabama System, has named Danny Tang as its chief information officer, effective February 17, 2025.

What to Do When You See Something

by Staci Radden, OIT Cyber Analyst

This last cybersecurity awareness month article is all about incident response, and what to do when you see something suspicious.  Reporting any questionable cyber activity is a way to protect UAH鈥檚 data and systems. Therefore, it is critical that we remain diligent in recognizing and reporting suspected cybersecurity threats.

What to Report

As discussed in our previous articles this month, cybersecurity risks can present in a multitude of ways, including phishing emails, malware, ransomware, social engineering (e.g., job scams & tech support scams) and much more! Such threats can jeopardize personal data and put UAH processes into disarray. A few examples of suspicious activity are included below.

Ransomware

()

Phishing Email

()

Fake Pop-Up

()

These are not the only examples of cybersecurity risks and these risks can take on a number of forms.  Regardless of their appearance, any potential cybersecurity risk should be taken very seriously.

Why to Report

Have you ever tried to rationalize why you shouldn鈥檛 report a possible threat?

• 鈥淚t鈥檚 probably nothing.鈥�
• 鈥淚鈥檓 just being paranoid.鈥�
• 鈥淚鈥檓 sure someone else will report this issue.鈥�

We may feel embarrassed about clicking a link in error or worried that we caused a problem. We may be afraid that we are making a big deal about nothing and creating unnecessary alarm. However, by communicating a potential security issue, you are helping the Office of Information Technology (OIT) do its job. Your prompt reporting allows UAH鈥檚 cybersecurity team to quickly react, often preventing the incident from becoming bigger and impacting more people. The valuable information you provide can assist OIT in improving security measures, such as user education, anti-phishing tools, stronger password policies, and software updates.

How to Report

To report suspicious cyber activity, contact the OIT Help Desk at helpdesk@uah.edu or 256-824-3333. Provide them with as much information as possible, including date, time, description of the issue, and any screenshots available, as well as forwarding phishing emails.

Remember, we all play a crucial role in keeping UAH #ChargerSecure!

Protecting Yourself While Working Remotely

This week is all about protecting ourselves while we are working remotely; whether you have a position that is approved for telecommuting or travel frequently for the university. The ability to work from anywhere has revolutionized how we support our students and has given us the flexibility that many of us enjoy. However, that flexibility also brings with it unique cybersecurity challenges. 

Below are some tips to protect yourself, your family, and UAH while you work away from the main campus.

Keep Your Device Secure

Whether you are using a tablet, laptop, or other mobile device, the university is only as secure as the devices that connect to it. It is crucial that you keep your device as secure as possible. It is best practice that you:

1. Keep your operating system and applications on the latest supported versions. Your system should be configured to automatically update when new versions are released. If you are unsure if this is the case, contact your UAH support personnel.
2. Do not allow non-UAH personnel (even family members) to use your device. UAH devices are provided to you to fulfill UAH鈥檚 mission. You never know what others will do on your computer when you give it to them to use. There have been instances where an employee鈥檚 child has downloaded a pirated version of software to their UAH device and it became infected with malware.
3. When you have your UAH device away from the campus, store it in a secure location. 
4. Never attempt to bypass security software on your device or 鈥渏ailbreak鈥�, 鈥渃rack鈥�, or 鈥渞oot鈥� the device. Doing so bypasses a number of security protections in place and makes it more likely that your device will be compromised.

Keep Your Logon Secure

The combination of your password and your Duo Multifactor Authentication (MFA) solution is sufficient protection for a majority of UAH use cases. However, there are some caveats to this statement:

1. You should use Duo any time it鈥檚 technically feasible. Duo MFA provides additional layers of protection for your account above and beyond what you get with just a password alone, making accounts protected by Duo more difficult to compromise.
2. Never share your Duo code with anyone. UAH IT will not ask for the code that appears on your Duo app or other authentication device. Sharing that number with an unknown individual is one of the only ways your account can be compromised while using Duo. Any text message or phone call you receive claiming to be from OIT and asking for that number is an attempt to compromise your account and should be reported to the OIT Help Desk.
3. Do not use your UAH password as a password for any other non-UAH website or computer system. Computer systems and websites of all kinds are being compromised all the time. Many times when a website or system is compromised one of the first things they do is download a copy of stored user passwords whether they鈥檙e encrypted or not. If you used the same password for your UAH account as you did on a commercial website and that website gets compromised, then the password they have from the commercial website could be used to gain access to your UAH account.
4. Never share your UAH password with anyone. Per UAH policy you are responsible for all actions taken by your user account. 

Keep Your Location Secure

Even with a secure device and a secure login, you need to be aware of your surroundings while working on a UAH device. 

1. Be wary of anyone trying to look at your screen. It is potentially a breach of confidentiality if someone sitting behind you in the coffee shop reads the FERPA data on your screen. If you have to work in a public place, choose either (a) not displaying any information that would be protected by federal, state, or local laws or statutes or (b) sitting in a location where no one can be behind you without your knowledge.
2. Whenever you are remote, especially on public wi-fi, use the UAH Virtual Private Network (VPN). OIT provides the Ivanti VPN client that is pre-configured to connect to the UAH VPN. This software is available for download from Chargerware. It is not difficult to use. All you have to do is run the Ivanti Client and then log in with your UAH credentials and it provides a secure, encrypted connection back to the UAH network.
3. Contact the Office of Research Security (ORS) before traveling internationally with UAH devices. ORS maintains an updated list of embargoed countries and can help ensure you do not run afoul of any Export or International Travel regulations. 

By taking a little care and following a few simple steps you can help UAH stay #ChargerSecure

Cyber Threats

Higher education is a prime target of cybercriminals. Vast amounts of valuable data, including personal information, intellectual property, and financial details, make universities vulnerable to cybercrime. According to 鈥淐yber Attack Trends:  2022 Mid-Year Report鈥�, attacks against higher education increased 114% between 2020 and 2022. Therefore, it is critical for all of us to integrate cybersecurity awareness into our daily routine. Below are some guidelines to follow in an effort to keep UAH and your information cyber secure.

Keep Your Phish Hooks Sharp

Phishing is one of the most pervasive and detrimental cyber threats impacting universities. Phishing emails may appear to come from university IT departments, faculty members, or even classmates. Links to fake websites are often included which, when clicked, install malware or steal users鈥� information.

Ways to recognize phishing attempts:

• Sense of urgency or threat
• Sender is not legitimate. Pay close attention if [External] is at the beginning of the subject line.
• Spoofed links directing you to an invalid URL. Hover over the URL without clicking to see where a link may take you.
• Grammar and spelling errors
• Requests for sensitive information
• Unrealistic discounts, exclusive offers, or prizes

What to do after receiving a suspicious email:

• Do NOT click on any links!
• Do NOT respond to the email.
• In Gmail, you can click the 鈥淩eport phishing鈥� button.
• For additional help, you may forward the email to the OIT Help Desk at helpdesk@uah.edu
• Delete the email to prevent accidentally clicking links within it at a later date.

Take a 鈥楤yte鈥� Out of Malware

Malware (鈥渕alicious software鈥�) is any software created to disrupt, damage, or gain unauthorized access to a computer system. Recent studies have shown a 50% increase in malware attacks within universities in the last year. Such strikes often involve phishing emails, ransomware, and strategies to steal user credentials.

Tips to avoid malware:

• Practice safe browsing habits by avoiding suspicious links and pop ups.
• Use good email hygiene! As mentioned previously, do not open attachments or click links in suspicious emails.
• Use strong, unique passwords.
• Consider using multi-factor authentication.
• Keep operating systems and applications updated.
• Use antivirus and anti-malware software.

Social Engineering (NOT a UAH Degree!)

Social engineering, within information security, is the manipulation and deception of individuals into divulging confidential or personal information that may be used for fraudulent purposes. Social engineers often exploit trust and urgency to achieve their mission.

Common examples targeting universities:

• Fake Job Scams - This scam often targets students and recent graduates. Scammers advertise for fake jobs in emails, on job sites, and on social media. They might even mail you a check to deposit and then tell you to send money to another account. Do NOT deposit the check. It is FAKE. Do NOT send the money they requested.
• Tech Support Scams - A scammer pretends to be an IT support technician, with the goal of tricking the victim into revealing sensitive information and/or giving the scammer access to their computer. OIT will never ask for your password or your Duo MFA from your app.
• Pay-for-Training Schemes - This scam requires payment for training before being hired. Legitimate employers usually cover training costs.
• Fake Recruiters - Scammers impersonate recruiters from known companies and ask for sensitive information or request payment for a background check.

RED FLAGS to watch for:

• As applies to all phishing emails, notice unprofessional communication. Poor grammar, spelling errors, or unprofessional email addresses can be indicators of a scam.
• Take note of vague job descriptions. Valid job postings usually define a clear role.
• Be suspicious if there are offers that are just too good to be true.
• Be cautious if sensitive information is requested.

In today鈥檚 interconnected world, cyber awareness is critical and a shared responsibility. Understanding the strategies used by cybercriminals and recognizing the signs of potential threats is essential in protecting our digital landscape and keeping UAH #ChargerSecure.

Phishing - A Pervasive Threat

October is Cybersecurity Awareness Month, highlighting the importance of cybersecurity and the steps you can take to help protect yourself, your family, and UAH. This year we will have a different theme for each week:

• Week 1 - Phishing
• Week 2 - Cyber Threats
• Week 3 - Protecting Yourself While Working Remotely
• Week 4 - Incident Response - What to Do When You See Something

If you鈥檝e read previous cybersecurity newsletters or previous years鈥� Cybersecurity Awareness Month articles you will recognize the phishing topic as being one that I have mentioned before. So if I鈥檝e mentioned it before, why should I write about it again? It鈥檚 because phishing is the most common type of attack that is used to target UAH faculty, staff, and students. UAH receives thousands of potential phishing emails every day and more than 99% of them are caught and either prevented from reaching your inbox or are removed automatically when the Google anti-phishing and anti-spam analysis is completed.

However, no solution is perfect and chances are that you will eventually receive a phishing email in your inbox. It is critical that you keep a wary eye out for signs that an email is not legitimate. To assist you, here are some signs that can indicate that an email is actually a phishing threat.

Look for the [External] tag at the beginning of the subject line.

Any email that does not originate from a uah.edu email address will have [External] at the beginning of the subject line. Many safe and legitimate email messages come from external email systems. The [External] tag does not automatically mean the message is a scam, but it does provide additional information about the message source. The [External] tag means you need to carefully examine this email before you respond or take action.

Phishing emails are getting more sophisticated and harder to detect but the [External] tag confirms that this email did not come from a UAH email address. Emails that offer jobs, internships, or requesting sensitive information, should never have an 鈥淸External]鈥� tag in the subject line.

For example, if your subject line says 鈥淩equest for Information鈥� then it originates from a UAH email address and has a high chance of being legitimate but if that same email鈥檚 subject line is 鈥淸External] Request for information鈥� then this email has a higher chance of being a phishing email.

The [External] tag is implemented to help protect your account from possibly being compromised as well as protect the University.

Look at the 鈥淔rom:鈥� address

By policy, all official UAH communication will originate from a UAH email account. The information after the 鈥淍鈥� symbol in an email address indicates the domain and anything not 鈥渦ah.edu鈥� after the 鈥淍鈥� symbol should be a cause for additional scrutiny. Chances are these emails will have the [External] label at the beginning of the subject line but it鈥檚 better to be safe than sorry.

How do you know it is a UAH account? The from address will look like abc123@uah.edu or mailto:first.last@uah.edu. Official UAH email won鈥檛 come from DrJohnSmith@gmail.com or JaneCharger.uah@att.net. Not even Google employees use the Gmail domain for official correspondence.

If the domain does not match the apparent sender of the email, the email is almost certainly not legitimate. For example, if the sender is Floyd.Carter@.optonline.net but the email is signed, "Dr. Lori Charger," it is almost certainly a scam.

Look for these indicators that an email may not be genuine

Although there are many different types of phishing emails, most of them rely on a common set of characteristics to trick users into replying or responding. Remember to stop, think, and verify information before you click.

1. Some phishing scams use a sense of urgency such as claiming you need to take immediate action to keep your account or the person is requesting sensitive information and needs it right away.
2. Some phishing scams play on fear. The email could contain threats or fear-mongering such as warnings that your account will be closed or that you have been referred to law enforcement. One scam we鈥檝e seen recently was trying to state that the recipient had a past-due wireless bill of $3,138.
3. Some phishing scams will play on greed by offering limited-time offers for exclusive deals, or discounts and prices that are too good to be true. A recent phishing scam we saw was offering iPads for sale for $15.
4. Some phishing scams use personal details to try to make them seem more legitimate. The list of UAH faculty and staff is available on public websites and newer AI-based phishing techniques can even use information published on social media sites such as Instagram, LinkedIn, Reddit, and other sites as part of a targeted phishing campaign.

If you receive an email you believe to be phishing, do not respond to the message. In Google Mail, it is possible to mark the email as phishing or you can add a message to your spam filter for unwanted messages by clicking the 鈥淩eport Spam鈥� button.

If you are at all unsure about the legitimacy of an email, you should err on the side of caution and do not provide any information. Instead, contact the purported individual who sent the email in person or over the phone to verify the email is legitimate. Also, you can forward the email to the OIT Help Desk at helpdesk@uah.edu for more assistance.

By remaining vigilant against phishing emails, you can help UAH stay #ChargerSecure

During the month of March, OIT will:

• Provide instructions for steps that you can take to determine the age of the laptop or desktop that has been issued to you.
• Provide details regarding the process for requesting help with the procurement of a replacement computer. 

If the computer you use is (or will soon be) in need of replacement, you are encouraged to begin the process of ordering a new computer as soon as possible to allow for the purchase, delivery, and configuration of the new device by October 1, 2024. Each department is responsible for purchasing the necessary equipment; OIT is available to offer assistance throughout the process.

If the computer is less than 5 years old, you are encouraged to set a reminder on your calendar to replace your computer before it exceeds the age of 5 years.

For more information, please see /images/administrative/oit/oit-device-support-standards.pdf