Security Awareness Tips for January 2024

Published | February 7, 2024

Should You Click on Unsubscribe?

January 30th, Tip of the Week

According to KnowBe4, “the short answer is that, in general, it is OK to click on a legitimate vendor’s unsubscribe link. But if you think the email is sketchy or coming from a source you would not want to validate your email address as valid and active, or are unsure, do not take the chance, skip the unsubscribe action. Most of the time, clicking on a fraudster’s unsubscribe feature will simply confirm your email address is valid and active and this will likely result in your email appearing for sale in cybercriminal forums for years.”

If you’re unsure about the safety of a particular email source, please contact the ITS Helpdesk at X4357 or for assistance.

Fake PDF Files Are a Real Threat

January 18th, Tip of the Week

The PDF file scam starts with a simple phishing email and an attachment that appears to be a hotel invoice. Unfortunately, the attachment isn’t an actual PDF file. It’s a complex attack designed to steal your sensitive information.

If you happen to download and open the attachment, an error message appears. The message claims that you need an update in order to view the PDF file. But the file isn’t actually a PDF document, and the error isn’t actually for an update. In reality, the file is a form of malware, and if you agree to the update, you’ll launch that malware. Once launched, it quickly scans your device, collects your sensitive information, and sends it to the cybercriminals.

  • Cybercriminals are counting on you to click without thinking. Never open attachments received from an unexpected email.
  • Remember that this type of attack isn’t exclusive to travel invoices. Cybercriminals could use this fake PDF file technique in a number of scenarios.

Above content attributed to KnowBe4 Scam of the Week.

Beware of Cybercriminals Waiting to “Help” You After You’ve Already Been Scammed

January 4th, Tip of the Week

Did you know a sub-industry of scammers exists to take advantage of the panic you may feel at the point you realize your identity has been stolen? They’re out there waiting to add insult to injury. They may show up in legitimate-looking search results or in your social media feed advertising tech support services to “help” restore your locked accounts.

As a general rule, don’t rely on search engines or Facebook ads to find help. Cybercriminals can purchase ads on these platforms to trick you into thinking you’re dealing with a legitimate restoration company. Just because a company is at the top of the sponsored search results doesn’t mean they are reliable; it just means they paid to have their ad shown. If you do decide to use a company to help restore your identity, be sure to check actual references from people you know and trust. Find out more here.
