A cyberattack on University of Maryland servers last month resulted in the theft of more than 300,000 people’s personal information. Towson University was not affected by the attack.
The university encourages students, faculty and staff to be aware of the most common types of data thefts in order to protect themselves.
Common forms of cyber attacks
The most common form of cyberattack is phishing, an email scam in which the sender of the email attempts to obtain personal information. Once the information, such as a username and password, is obtained, it can be used to access your email, spread other phishing messages or steal your identity. TU regularly blocks phishing emails, but some may still get through to your inbox. The most common types of phishing are:
- The “fortune” approach, in which a scammer tells you he or she can share money with you if you give them your financial information.
- The “friend” approach, in which a scammer access public information in social media accounts like Facebook or LinkedIn and poses as a friend to lure you into sharing information or downloading a malicious file.
Signs that an email may be a scam
Phishing emails can be difficult to identify. Keep an eye out for these simple, telltale signs of a phishing email:
- Poor spelling or grammar
- Conflicting names in signature and email address
- Threats or “too good/bad to be true” offers
- Conflicting or misspelled URLs (URL in email doesn’t match real organization’s URL , e.g., bankofamerica.com versus bankofamerica.net, or bankofmerica.com)
How to protect yourself
- Be cautious. If you’re not absolutely sure a link or email is legitimate, don’t click on it.
- Don’t reply. Replying can trigger further attacks or malware downloads.
- Don’t send your personal information via email. Legitimate organizations—including Towson University—will never ask users to send sensitive personal information through email.
- Don’t input your information in a pop-up; contact the retailer directly through its homepage or through a retail outlet.
- Check the “lock.” Secure transactions via a website contain a “lock” icon on the far left of the URL indicating https, which is encrypted to help avoid data intercepts.
- Be wary of attachments. Never open an attachment from someone you don’t know, and be specifically wary of .exe files (which run commands on your computer) and .zip files (which contain a package of files).
- Keep our anti-virus software updated. Set your program to update and scan your system regularly, and to scan all attachments before dowloading/saving. TU’s Office of Information Security recommends downloading Microsoft Security Essentials for Windows Systems.
- Keep your system’s programs updated, especially the recommended security updates. Make sure Windows Update is turned on.
If you think you’ve received a phishing email
- Do not respond to the email.
- Forward the email to firstname.lastname@example.org. This is a new email account created and monitored by TU’s Office of Information Security. They will receive your potential phishing email, review it and take any necessary action to protect the campus.
For additional guidance on how to recognize phishing attempts, go to Microsoft’s Phishing page. For instructions on what to do if you think you’ve become a victim of a phishing scam, go to the FTC’s Identity Theft website.
Written by Pam Gorsuch