This February, a cyber-attack on the University of Maryland’s servers resulted in the theft of personal information for more than 300,000 individuals. While TU was not affected by the attack, we encourage you to read the information below in order to protect yourself against future attacks.
Common forms of cyber attacks
The most common form of cyber-attack is phishing, an email scam in which the sender of the email attempts to obtain personal information which can be used to access your email, spread other phishing messages or steal your identity.
Some common types of phishing are:
- Targeted and personalized attacks that look and feel as though they come from Towson University or the State of Maryland.
- Attacks in which scammers pretend to have a fortune that can only be accessed with your help. The scammers request your financial information with the empty promise of sharing the wealth.
- Targeted and personalized attacks which use public information found via social profiles like Facebook or LinkedIn. Scammers may use a fake email address to pose as a friend and include personal details found on one of your online profiles to entice you to divulge sensitive information or download a malicious file.
Signs that an email may be a scam
Phishing emails can be very realistic and difficult to identify. Keep an eye out for these simple, telltale signs of a phishing email:
- The email has poor spelling or grammar.
- The name signed at the bottom of the email is different from the email address.
- The use of threats or incredible offers. If a message seems too good or too bad to be true, it probably isn’t true.
- The URL does not match the legitimate site. Scammers cannot use the same URL as the legitimate website, so they will tweak the address to look legitimate at a quick glance. The URL may use a different domain name (e.g., bankofamerica.com versus bankofamerica.net) or a variation of the actual address (e.g., bankofmerica.com).
How to protect yourself
TU regularly blocks phishing emails, but some may still get through to your inbox. Here are some easy tips to protect yourself:
- Be cautious of all communications you receive and be careful when clicking links contained within those messages. If in doubt, do not click.
- Don’t respond to any spam-type emails. Replying to the email may trigger another phishing attack or a malware download.
- Don’t send your personal information via email. Legitimate businesses — including Towson University — will never ask users to send sensitive personal information through email.
- Don’t input your information in a pop-up; if you are interested in an offer that you see advertised in a pop-up ad, contact the retailer directly through its homepage or through a retail outlet.
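- For secure transactions made via a website, look for a lock icon in the browser’s address bar, next to the URL. This indicates that the website is using https (an encrypted protocol) to send your sensitive information, so that scammers cannot intercept it in transit. The lock shows only that the connection is encrypted, so still check that the URL matches the legitimate site.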
- Be wary of attachments. Never open an attachment from someone you don’t know, and be especially wary of .exe files (which run commands on your computer) and .zip files (which contain a package of files).
- Make sure you have an up-to-date anti-virus software program installed and set to automatically update and scan your system. Enable the feature to scan attachments with the anti-virus program before downloading and saving them to your computer. If you do not have anti-virus software, TU’s Office of Information Security recommends downloading Microsoft Security Essentials for Windows Systems.
- Perform regular updates on your computer, browser and programs to help prevent attacks. Make sure Windows Update is turned on and always perform the recommended security updates.
If you think you’ve received a phishing email
- Do not respond to the email.
- Forward the email to phishing@towson.edu. This is a new email account created and monitored by TU’s Office of Information Security. They will receive your potential phishing email, review it and take any necessary action to protect the campus.
For additional guidance on how to recognize phishing attempts, go to Microsoft’s Phishing page. For instructions on what to do if you think you’ve become a victim of a phishing scam, go to the FTC’s Identity Theft website.