Compliance Chat #11 Phishing Risks - Cyber Security Pointers

January 26, 2024

Chances are that you've encountered phishing emails numerous times in both your personal and university email accounts. Phishing is a deceptive tactic to trick individuals into disclosing sensitive information. These attacks frequently employ convincing yet fraudulent emails, messages, or websites that mirror trusted sources like colleagues or official university channels. University employees are key players in safeguarding the university from cyber threats such as phishing. 

Until recently, there was often something “off” in a phishing email that signaled it was a fake. Unfortunately, as shared in this article, “generative AI can make traditional phishing attacks -- via emails, direct messages and spurious websites -- more realistic by eliminating spelling errors and grammatical mistakes and adopting convincingly professional writing styles” and “vishing, or voice phishing, uses phone calls, voice messages and voicemails to trick people into sharing sensitive information…attackers can also use generative AI to clone the voice of a trusted contact and create deepfake audio.” Picture getting a vishing call from your supervisor, the chancellor, or the university president, requesting you to handle a payment.

In this second installment of the new Compliance Chat series centered on Cybersecurity, Mary Gower, Senior Institutional Compliance Liaison, engages in a discussion on phishing with Jeannette Okinczyc, the Manager of Security Operations for the University of Alaska System OIT.

Why University Employees Should Care:

Phishing is an all-too-common threat that university employees cannot afford to overlook. It's not a question of whether you'll encounter a phishing email, but when. This pervasive issue poses a considerable risk to both individuals and the broader university community.

Accidentally succumbing to phishing attacks is not just stressful but also embarrassing. Such lapses can jeopardize essential assets, including student records, research data, and financial information, and can also lead to significant monetary loss. Given the rising sophistication of these attacks, cultivating a healthy dose of skepticism while reading emails is important. Staying vigilant is not just a best practice but a necessary defense against evolving cyber threats.

Take Action:

If you suspect a phishing attempt, please mark it as phishing in the Google interface. This sends a message to the Security Operations team so they can assess whether the circumstances warrant warning other employees to be on the lookout for parallel attempts. If you’re not a Google user, please forward the email to ua-phishing@alaska.edu and the security team will assess it.

Interested in trying to win a prize? After watching this Compliance Chat, answer the question:

  • Question: What is one of the phishing objectives named in the video?

Email your answer to ua-compliance@alaska.edu. A correct answer will be drawn at random to receive $20* at Amazon.com!

*Gift certificates are taxable. Responses due before February 29th, 2023.