Tech Tip: So long! And thanks for all the Phish!

Events, News, Tech Tip

As cybersecurity awareness month comes to an end, UWM IT would like to take this opportunity to recap the past action-packed month (I know, we’re sad about it too.)

We’re sure you’ve caught this by now, but this year’s Cybersecurity Awareness Month theme was: ALL THINGS PHISHING! Identifying phishing emails can be tricky but hopefully, you can confidently spot scammers’ red flags from a mile away.

Missed a week? Well, worry not! Here’s your 2022 Cybersecurity Awareness Month Synopsis:

We’re sure you’ve seen your fair share of suspicious emails, but in the future be on the lookout for…

  • Job offers that promise high weekly pay, low hours, and lots of flexibility
  • Requests for personal information
    • (Username, password, race, gender, etc.)
  • Email addresses from outside of UWM
    • (@gmail.com, @uwm.com, @uwm.org, etc.)
  • Vague university affiliation
  • Urgent tone
  • Poor spelling or grammar
  • Suspicious links or attachments

If you believe you have received a phishing email…

  • NEVER click any links or attachments
  • Either click the ellipses (…) button in the upper right-hand corner and under Security Options select Mark as Phishing
  • Or delete the message
  • If you’re unsure about the email’s legitimacy, forward the email to abuse@uwm.edu and they can help you identify if the email is the real deal

*Ring Ring!* “It’s John from your bank, gimme me your MFA code!” That sounds pretty phishy. Keep your eye open for…

  • Unknown numbers
  • Unsolicited calls/texts from utility companies, banks, the IRS, etc.
  • Messages from management figures requesting you purchase gift cards
  • Requests to click links in text messages
  • Requests for any personal information like your MFA code, social security number, address, etc., during phone calls

If you believe you are experiencing Vishing or Smishing:

  • Do not respond to any text messages
  • Do not click any links in text messages/download any attachments
  • Delete any suspicious text messages
  • Do not give out any personal information over the phone
  • Hang up the call, contact the company directly using a verified communication channel listed on their website, and ensure you are speaking to a legitimate company representative
  • Block any and all suspicious numbers

All these spam emails are EXHAUSTING, and I don’t recognize half these MFA requests! Well, scammers likely already have your password and are trying to bypass MFA if you get:

  • A lot of MFA authentication requests back-to-back
  • A few authentication requests each day for an extended period
  • A phone call or text message from a reputable institution that requests your 6-digit MFA code or to approve an unfamiliar authentication request

If you believe you are experiencing MFA Fatigue:

  • Never approve any unfamiliar MFA requests
  • Turn off your notification method to avoid accidental approvals
  • Access your account using your backup authentication method (preferably a 6-digit code) and change your password immediately
  • In your account security info in M365 and select Sign out everywhere
  • Contact the UWM Help Desk for more help regarding this topic

To learn more ways to keep scammers at bay, visit our YouTube channel!

If you need assistance regarding this topic, please contact the UWM Help Desk.