Monthly Archives: January 2023

Helpful Tips to Avoid Phishing Attacks

Phishing is one of the most common types of cyberattacks that can seriously impact both individuals and organizations. These kinds of attacks can take place almost anywhere online; text, websites, and social media, but are most commonly seen in the form of email.

The SlashNext State of Phishing Report for 2022released in October, found that there was a 61% increase in the rate of phishing attacks in just the first 6 months of the year compared to last year’s data. Not only have the rates of phishing attacks increased, there was a 50% increase in attacks on mobile devices, with scams and credential theft at the top of the list of payloads.

With all of this in mind, it is perhaps more important than ever to stay vigilant against phishing attacks.

Helpful Tips to Avoid Phishing Attacks2023-01-09T12:02:00-05:00

Phishing Attacks – Helpful Ways to Identify and Avoid Them

Phishing is one of the most common types of cyberattacks that can seriously impact both individuals and organizations. These kinds of attacks can take place almost anywhere online; text, websites, and social media, but are most commonly seen in the form of email.

The SlashNext State of Phishing Report for 2022, released in October, found that there was a 61% increase in the rate of phishing attacks in just the first 6 months of the year compared to last year’s data. Not only have the rates of phishing attacks increased, there was a 50% increase in attacks on mobile devices, with scams and credential theft at the top of the list of payloads.

With all of this in mind, it is perhaps more important than ever to stay vigilant against phishing attacks. Read on to learn more about this type of attack and helpful ways to identify and avoid them.

What is phishing and how does it work?

Phishing is a type of social engineering attack, or an attack that involves psychological manipulation, to steal your personal information or install malicious software on your devices. To accomplish this, cybercriminals will disguise themselves as a legitimate source, such as a well-known company or financial institution, to deliver realistic messages and trick you into giving up your personal information.

Cybercriminals behind these attacks will go to great lengths to make their scams appear legitimate, using the logos and branding of trustworthy sources to disguise themselves. Not only will they create emails under the source’s branding, but they will often create spoofed websites, which are fake websites designed to look legitimate, to accompany them.

The goal of these emails is often to get you to click on a link and enter your personal credentials into the fake website that it leads to. Once that happens, your information will be sent to the attacker behind the scam.

How can I identify a phishing email?

Although it can sometimes be difficult, there are several ways that you can identify a phishing email.

According to fightcybercrime.org, the best ways to identify a phishing email include:

  • Check the sender’s email address. If it is not from a legitimate company, do not open it.
  • Check the URL by hovering over the link.
  • If you are on a desktop computer or laptop, hover over the link with your mouse. You will find the full address of the link either near the link itself or somewhere on the edges of your browser window, depending on what web browser you are using.
  • If you are using your smartphone or tablet, hold your finger down on the link until a window pops up showing the full address of the link. Tap away from the window to close the preview.
  • Be aware of a sense of urgency or threats. For example, phrases such as “you must act now” or “your account will be closed” may be indicators of a phishing attempt.
  • Be cautious of messages that ask for personal information such as your social security number, bank account information, or credit card number.
  • Check for grammatical errors or misspellings.
  • If you are unsure about the message, don’t hesitate to contact the company directly to inquire about it. Don’t use the contact information provided in the email or text message. Look up the company’s contact information on their website or elsewhere.
What can I do if I click on the link or provide my personal information?

If you clicked on a phishing email link or provided your information, first take a deep breath and know that it can happen to anyone.

  • Go to the legitimate website, reset the password on your compromised account and enable two-factor authentication right away. If you are using that password for other accounts, change those too.
  • Forward the suspected phishing email to [email protected], where the Anti-Phishing Working Group will collect, analyze and share information to prevent future fraud.
  • Mark it as spam.
  • Run a full system scan using antivirus software to check if your device was infected when you clicked the link. If you find viruses, follow these steps on your device. If you still can’t remove the virus, contact a reputable computer repair shop in your area.
Tips & Tricks to Identify a Phishing Email
  • Check the sender’s email address. If it is not from a legitimate company, do not open it.
  • Check the URL by hovering over the link.
    • If you are on a desktop computer or laptop, hover over the link with your mouse. You will find the full address of the link either near the link itself or somewhere on the edges of your browser window, depending on what web browser you are using.
    • If you are using your smartphone or tablet, hold your finger down on the link until a window pops up showing the full address of the link. Tap away from the window to close the preview.
  • Be aware of a sense of urgency or threats. For example, phrases such as “you must act now” or “your account will be closed” may be indicators of a phishing attempt.
  • Be cautious of messages that ask for personal information such as your social security number, bank account information, or credit card number.
  • Check for grammatical errors or misspellings.
  • If you are unsure about the message, don’t hesitate to contact the company directly to inquire about it. Don’t use the contact information provided in the email or text message. Look up the company’s contact information on their website or elsewhere.

As we continue into 2023, it’s guaranteed that cybercriminals will continue to launch more and more phishing campaigns with the hopes of stealing personal information from unsuspecting victims. Remember to always be cautious online and when in doubt, always do your research!

Information retrieved from fightcybercrime.org. For more details on phishing attacks, visit: https://fightcybercrime.org/scams/hacked-devices-accounts/phishing/

Phishing Attacks – Helpful Ways to Identify and Avoid Them2023-01-09T11:34:22-05:00

Defense & Innovation: A Cybercrime Symposium

We are delighted to announce InfraGard Florida – Tampa Bay Area Members Alliance as our symposium co-sponsor!

Join us for a two-day symposium hosted by Cyber Florida in partnership with the University of South Florida and InfraGard to bring together academic researchers, industry practitioners, and law enforcement professionals to examine the latest intelligence on emerging cybercrime threats. The symposium will serve as a platform for connecting, information-sharing, and problem-solving as these three groups—practitioners, researchers, and law enforcement—work together to mitigate the constantly evolving cyber threat landscape. Agenda coming soon!

Symposium Agenda

Subject to change without notice.

8:00 AM Check-In and Breakfast
9:00 AM Welcome Remarks

George Burruss, PhD, Professor and Associate Chair, University of South Florida Department of Criminology
Ernie Ferraresso, Director, Cyber Florida

9:15 AM Keynote Address: The Global Cyber Threat

General (Ret.) Frank McKenzie, Executive Director, Cyber Florida

10:00 AM Call to Arms: A Plan for Protecting Critical Infrastructure in the United States i.e. How to Eat an Elephant

Michael W. Ritchie, President InfraGard – Tampa Bay Members Alliance and Principal, Germinal: Consulting Services & Custom Product Development

10:45 AM Break
11:00 AM The Fraud Triangle and Cryptocurrency: Unpacking the Relationship between Cryptocurrency and Financially Motivated Cybercrimes

Thomas Dearden, PhD, Assistant Professor of Sociology and Criminology, Virginia Tech

11:45 AM State of Cybersecurity from Those Tasked with Defending It

Nick Biasini, Head of Outreach, Cisco Talos

12:30 PM Networking Lunch & Student Poster Session
1:30 PM The Cyberwar between Russia & Ukraine

LTC ret. Zbigniew Nowak, PhD, and Katarzyna Chałubińska-Jentkiewicz, PhD; Academic Center for Cybersecurity Policy, War Studies University, Poland; Dr. Ryszard Szpyra, Professor of social sciences, head of doctoral studies at the National Defense University; and Dr. Oleg Gushchyn, Taras Shevchenko National University of Kyiv,  Military Institute.

2:15 AM Employing Zero Trust Architecture for Electric Utilities

Steve Lindsay, Director, Critical Infrastructure Initiatives, XTec

3:00 PM Break
3:15 PM Thick as Thieves: How Criminal Relationships Form on the Darknet

Samantha Tucker, PhD, Cyber Operations Analyst, MITRE

4:00 PM Hello, You’ve Been Hacked: A Study of Victim Notification Preferences

Caitlyn Muniz, PhD, Assistant Professor, The University of Texas at El Paso

9:00 AM Welcome to Day 2

George Burruss, PhD, Professor and Associate Chair, University of South Florida Department of Criminology

9:15 AM Darknet Ecosystem: Selling Stolen Identities Online

C. Jordan Howell, PhD, and George Burruss, PhD, University of South Florida

10:00 AM How basic is Hackers’ Playbook? Studying Attacks on our RDP Honeypots

Andréanne Bergeron, Ph.D, Cybersecurity Researcher / Chercheure en cybersécurité, GoSecure

10:45 AM Break
11:00 AM The Web: A Doubled-Edged Sword

Amin Kharraz, PhD, Assistant Professor of Computer Science, Systems Security Lab at Florida International University

11:45 AM ISP Spamming: Tactics, Techniques, and Procedures (TTPs)

Mark Clancy, Founder Cyber Risk Research and former CISO of Sprint and DTCC, and Khalid Akanbi, Cyber Security Analyst

12:30 PM Networking Lunch & Student Poster Sessions
1:30 PM Current Trends in Fraud

Supervisory Special Agent Keith Givens, Federal Bureau of Investigation

2:15 PM Leveraging “Insurability”

Joey Hernandez CISM, CISSP, InfraGard Financial Services Sector Chief and Team Lead for Dell/SecureWorks North American Proactive Services

3:00 PM Break
3:15 PM New Reputation-Based Mining Paradigm: Incentivizing Blockchain Miners to Avoid Dishonest Mining Strategies

Mehrdad Nojoumian, Associate Professor, Director of the Privacy, Security & Trust in Autonomy Lab, Department of Electrical Engineering & Computer Science, Florida Atlantic University

4:00 PM Machine Learning and Forensic Analysis of Photo Thumbnails

Shahrzad Sayyafzadeh, Florida A&M University

Location & Parking

Venue:

University of South Florida – Tampa
Marshall Student Center Grand Ballroom (2nd floor)
4103 USF Cedar Cir, Tampa, FL 33620

Parking:

After obtaining a parking pass from the Campus Information Center off of Leroy Collins Blvd (instructions provided via email to registrants), attendees should proceed to the Crescent Hill Parking Facility off of USF Cedar Dr., then walk to the Marshall Student Center. Guests with Disabled Person Parking Permits will find the closest disabled person parking spaces in Lot 3A:E.

n

Defense & Innovation: A Cybercrime Symposium2023-04-18T14:39:29-04:00

CONTACT US

Cyber Florida at USF
4202 E. Fowler Avenue, ISA7020
Tampa, FL 33620

Office meetings by appointment only

PRIVACY POLICY

Copyright 2024 The Florida Center for Cybersecurity at the University of South Florida. Information on this website is made available for general educational purposes only and should not be used in lieu of obtaining competent legal advice from a licensed attorney or cybersecurity professional with sufficient expertise necessary to address your specific needs. Use of this website does not create any special or fiduciary relationship between you and the Florida Center for Cybersecurity or the University of South Florida.