Cybersecurity @ UWM

It has never been more important to ensure your personal information stays safe and secure online. Educating yourself on the topic of cybersecurity helps keep scammers at bay and can greatly decrease the likelihood of your personal information becoming compromised. Look through the following sections to learn how to secure and protect your personal data!


Phishing Scams: Know the Essentials

Don’t take the bait! Phishing attacks use emails or malicious websites to solicit personal information by posing as a trustworthy organization in order to commit fraud.

Phishing Types
Phishing attacks can come in many forms. Some of the most common forms Phishing takes on a college campus include:

  • Job Scams
    • Scammers send emails to users offering jobs with great pay, low hours, and lots of flexibility. A good way to spot these scams is if it feels too good to be true, it probably is! Looking for a great student job? Log into Handshake through the UWM Career Planning & Resource Center or contact them directly with questions about opportunities at careerplan@uwm.edu or 414-229-4486.
  • SMS Scams
    • In this scam, you receive fraudulent text messages claiming that you need to take an action because you won a prize/gift card, were offered a credit card or maybe they offer to help you pay your student loans. When you respond to the text, the scammer will attempt to gather information from you such as credit card numbers or bank account numbers. If you receive a text of this nature, don’t click the links or share any personal information.
    • Another way scammers use SMS for scams is by sending you a phishing email requesting personal information including your phone number. If you respond, the scammer continues the scam via SMS/text instead of your email account. For an example of this type of scam, please see our article on SMS Phishing Scams.
    • In either case, if you are not sure, don’t click links or respond and contact the UWM Help Desk.
  • Security Breach Scams
    • Scammers send emails stating that a user’s account has been compromised and they need to complete actions to recover that account. First, never click any links or download any files from suspicious emails, and second, if you think your account has been compromised, contact the UWM Help Desk!
  • Cloud Storage Scams
    • Scammers send emails to users stating that their cloud storage account has been compromised and attempt to extort money from the target by using your personal files as leverage. Scammers may also send you messages about your storage space running out and will demand you pay them or else they will delete your files. If you believe you have received a cloud storage scam, call the UWM Help Desk to verify its validity.
  • Customer Service/Social Media Scams
    • In this scam, social media is weaponized by cloning pages/profiles belonging to established brands, companies and people to commit fraud. These accounts will request their followers click malicious links or divulge personal information. Common phishing attacks include job offers, unsolicited sweepstakes wins, free gift cards, messages offering brand ambassadorship and more. Always check that accounts are verified with the social media platform and be suspicious of those that are not verified, have few followers, were recently created and have few posts.
MFA Bombing

Multi-Factor Authentication (MFA) Bombing has become a popular tactic used by scammers when trying to gain access to your account. By bombarding you with frequent requests, the scammer hopes to get you to authenticate for them using a few different methods.

Some common ways they do this include:

  • Lots of MFA requests coming one after another
  • A few MFA requests each day for an extended period of time
  • A person calls/texts you posing as a figure from a reputable institution that requests your MFA authentication as part of a company process

All unsolicited MFA prompts, calls, texts, and emails should always be handled carefully to ensure no one gains access to your personal information.

Think you’ve been MFA Bombed?

  1. Turn off your notifications to whichever authentication method you use.
  2. Change your password immediately.
  3. Access your security info in M365, and select Sign out everywhere.
  4. Contact the UWM Help Desk.
Phishing Avoidance

It can be tricky identifying what is a real email and what is a scam these days. The following identifiers can be helpful when spotting a scam:

  • Bad grammar
  • Urgent timelines
  • Email addresses outside of UWM
  • Requests for confidential information
  • Suspicious links

If you believe you have a phishing email in your inbox, you can help others by:

  • Click the ellipses button on the email and under Security Options select Mark as Phishing.
  • Forward the email to “abuse@uwm.edu”.
  • Contact the UWM Help Desk to find out if the email is legitimate.

Visit our YouTube channel to learn about more ways to keep scammers at bay!


 

Passphrases: Your First Line of Defense

Passphrases are longer, more complex, and are overall far better than passwords. Make sure you look at our tips and tricks below before you make your next passphrase!

Passphrase vs. Password

You may be wondering, “What happened to passwords?” Passphrases are overall more effective at keeping your accounts secure than a password because they contain more characters. Furthermore, if someone were to try and “brute force” their way into your account, the chart below shows exactly how long it would take for someone to do that based on several factors:

Creating a Strong Passphrase

Use the following when creating your next passphrase:

  • Use a phrase instead of a singular word (“password” vs “makingapassword”)
  • Use uppercase and lowercase letters (MakingAPassword)
  • Use symbols (M@k!ng@P@$$Word)
  • Use numbers (M@k1ng@P@55W0rd)
  • Use as many characters as allowed
  • Use a unique passphrase for each service you use
  • Use a password manager (LastPass, iCloud Keychain, etc.) to remember each of your unique passphrases

Please Note: Do not use the above password examples as your actual password.

 


Virtual Private Networks (VPN) and YOU

Free WiFi may sound great in the moment, but if you’re connecting to an unencrypted network, there’s a good chance your personal data could be stolen if you aren’t using a VPN. Learn more about Virtual Private Networks below:

Virtual Private Network (VPN)

Does UWM provide a free VPN service?

  • UWM offers all campus members a free download of the Palo Alto VPN. Palo Alto provides encryption to UWM-provided products and services (e.g. PAWS, Canvas, M365, etc.) and the data you generate when using them. For instructions on how to download the Palo Alto VPN to your devices, visit our KnowledgeBase.

What kind of VPN should I use?

  • Most VPN companies provide more than sufficient levels of security for all your devices, however; if you’re looking for specific recommendations, make sure the VPN provider you choose includes:
    • AES128 (or better) level encryption
    • IKEv2/IPSEC protocol
    • Cross-platform compatibility

 


Illegal File-Sharing: More Expensive Than a Movie Ticket

 

 

 

 

There can be serious repercussions for illegally downloading and sharing certain files. Though it is not always easy to tell if the material you are downloading is copyrighted, the following FAQs can help you understand the “Dos” and “Don’ts” of downloading data on campus.

Illegal File Sharing FAQ's
What is illegal file sharing, and how can I avoid it?

When media is produced and sold, it is protected by copyright law so it cannot be copied, reproduced, or resold without the permission of the creators. If you download media without paying for it and the file has been copyrighted, or distribute media that has been copyrighted without the permission of the copyright holder, you are sharing the file illegally. Make sure to always purchase media from a trusted outlet, and do not distribute copyrighted materials with others without permission from the copyright holder.

What is the Digital Millennium Copyright Act?

The Digital Millennium Copyright Act (DMCA) of 1998 made it illegal to republish copyrighted information by downloading, uploading, or file-sharing media such as music, movies, or software. Digitally sharing copyrighted materials is illegal and violates the Acceptable Use Policy for UWM regarding the campus network.

The University does not monitor individual network activity. However, UWM is obligated by law to respond to valid complaints from copyright holders and their agents. DMCA complaints are taken seriously and may result in loss of access to the UWM network, academic discipline under University policy, or fines or legal action by the copyright holders and/or their agents.

What’s the risk of illegal file sharing?

Groups like the Recording Industry Association of America (RIAA) pay organizations to gather information from the internet to identify where files are being shared illegally. Individual lawsuits are being settled out of court for $4,000-$5,000. Lawsuits that are not settled out of court can result in higher monetary damages.

Groups such as the RIAA send an official complaint to the Internet Service Provider (UWM when you are using the UWM network). UWM notifies the campus network administrator responsible for the area in which the infringement occurred. The individual is then notified about the complaint so they can stop the illegal use of copyrighted material. Wherever possible, network access for the device or individual in question is removed until it can be verified that the infringing activity has stopped or until a counterclaim is filed.

The copyright holders’ lawyers can file a federal lawsuit and then subpoena the University for the information to identify the individual. With your name and user account information, the attorneys can pursue monetary damages against you in court. This is the risk you assume when you engage in illegal file sharing.

What are some common “P2P” (peer-to-peer) programs used for illegal file sharing?

The use of programs such as BitTorrent, uTorrent, and LimeWire may result in illegal P2P sharing of digital materials.

How can I avoid violating copyright law and subsequent legal action?

While some files may be legally shared via common P2P programs, most true freeware programs or public domain music are available elsewhere on the Internet. If you use P2P file sharing software, it is your responsibility to ensure you are not downloading or sharing copyrighted music, movies, or software.

How do I know if I've received a settlement letter from the RIAA?

If you’ve been contacted regarding a DMCA violation, you may have been targeted for the settlement letter as well. If you wish to obtain a copy of any such letter or contact information for the RIAA, you may request it from UWM. Incidentally, the parties to a lawsuit can agree to settle a case at any time. You do not legally forfeit your right to settle by not responding to a pre-settlement letter. While it is impossible to know if the RIAA will be amenable to settlement at a particular time in the future, typically corporations prefer to settle cases instead of undertaking a trial which is costly and time-consuming.

Where can I find more information about P2P sharing and copyright infringement? What is the official UWM policy for copyright infringement?

It is the policy of the University of Wisconsin – Milwaukee (‘UWM”) to promptly investigate notices of alleged copyright infringement, and take appropriate actions under the Digital Millennium Copyright Act, Title 17, United States Code, Section 512 (“DMCA”).

DMCA notifications are to be submitted to the DMCA Compliance and Notification Agent.

 


Protect Your Devices

Cybersecurity doesn’t stop in your inbox! There are many steps you can take to protect yourself online, such as:

If you believe yourself to be a victim of fraud, scams, or bad business practices please report it to the Federal Trade Commission (FTC) at reportfraud.ftc.gov.

Training Opportunities

Learn how to protect yourself by understanding the nature of internet-based threats and about the protection options and tools built into most web browsers and email systems.