You Said What On The Internet? – A Free Webinar For Students
Phishing Attacks – Helpful Ways to Identify and Avoid Them
Phishing is one of the most common types of cyberattacks that can seriously impact both individuals and organizations. These kinds of attacks can take place almost anywhere online; text, websites, and social media, but are most commonly seen in the form of email.
The SlashNext State of Phishing Report for 2022, released in October, found that there was a 61% increase in the rate of phishing attacks in just the first 6 months of the year compared to last year’s data. Not only have the rates of phishing attacks increased, there was a 50% increase in attacks on mobile devices, with scams and credential theft at the top of the list of payloads.
With all of this in mind, it is perhaps more important than ever to stay vigilant against phishing attacks. Read on to learn more about this type of attack and helpful ways to identify and avoid them.
What is phishing and how does it work?
Phishing is a type of social engineering attack, or an attack that involves psychological manipulation, to steal your personal information or install malicious software on your devices. To accomplish this, cybercriminals will disguise themselves as a legitimate source, such as a well-known company or financial institution, to deliver realistic messages and trick you into giving up your personal information.
Cybercriminals behind these attacks will go to great lengths to make their scams appear legitimate, using the logos and branding of trustworthy sources to disguise themselves. Not only will they create emails under the source’s branding, but they will often create spoofed websites, which are fake websites designed to look legitimate, to accompany them.
The goal of these emails is often to get you to click on a link and enter your personal credentials into the fake website that it leads to. Once that happens, your information will be sent to the attacker behind the scam.
How can I identify a phishing email?
Although it can sometimes be difficult, there are several ways that you can identify a phishing email.
According to fightcybercrime.org, the best ways to identify a phishing email include:
- Check the sender’s email address. If it is not from a legitimate company, do not open it.
- Check the URL by hovering over the link.
- If you are on a desktop computer or laptop, hover over the link with your mouse. You will find the full address of the link either near the link itself or somewhere on the edges of your browser window, depending on what web browser you are using.
- If you are using your smartphone or tablet, hold your finger down on the link until a window pops up showing the full address of the link. Tap away from the window to close the preview.
- Be aware of a sense of urgency or threats. For example, phrases such as “you must act now” or “your account will be closed” may be indicators of a phishing attempt.
- Be cautious of messages that ask for personal information such as your social security number, bank account information, or credit card number.
- Check for grammatical errors or misspellings.
- If you are unsure about the message, don’t hesitate to contact the company directly to inquire about it. Don’t use the contact information provided in the email or text message. Look up the company’s contact information on their website or elsewhere.
What can I do if I click on the link or provide my personal information?
If you clicked on a phishing email link or provided your information, first take a deep breath and know that it can happen to anyone.
- Go to the legitimate website, reset the password on your compromised account and enable two-factor authentication right away. If you are using that password for other accounts, change those too.
- Forward the suspected phishing email to reportphishing@apwg.org, where the Anti-Phishing Working Group will collect, analyze and share information to prevent future fraud.
- Mark it as spam.
- Run a full system scan using antivirus software to check if your device was infected when you clicked the link. If you find viruses, follow these steps on your device. If you still can’t remove the virus, contact a reputable computer repair shop in your area.
Tips & Tricks to Identify a Phishing Email
- Check the sender’s email address. If it is not from a legitimate company, do not open it.
- Check the URL by hovering over the link.
- If you are on a desktop computer or laptop, hover over the link with your mouse. You will find the full address of the link either near the link itself or somewhere on the edges of your browser window, depending on what web browser you are using.
- If you are using your smartphone or tablet, hold your finger down on the link until a window pops up showing the full address of the link. Tap away from the window to close the preview.
- Be aware of a sense of urgency or threats. For example, phrases such as “you must act now” or “your account will be closed” may be indicators of a phishing attempt.
- Be cautious of messages that ask for personal information such as your social security number, bank account information, or credit card number.
- Check for grammatical errors or misspellings.
- If you are unsure about the message, don’t hesitate to contact the company directly to inquire about it. Don’t use the contact information provided in the email or text message. Look up the company’s contact information on their website or elsewhere.
As we continue into 2023, it’s guaranteed that cybercriminals will continue to launch more and more phishing campaigns with the hopes of stealing personal information from unsuspecting victims. Remember to always be cautious online and when in doubt, always do your research!
Information retrieved from fightcybercrime.org. For more details on phishing attacks, visit: https://fightcybercrime.org/scams/hacked-devices-accounts/phishing/
The Top Red Flags of a Veterans Day Scam
As Veterans Day approaches, many Americans may be searching for opportunities to give back to those who have served our country by donating to charity. Unfortunately, malicious scammers on the internet are notorious for taking advantage of the honorary day by using communication techniques similar to trusted military nonprofits to mislead prospective donors.
FightCybercrime.org recently released an article discussing the top red flags of a veteran charity scam. According to the article, “Through targeted communications, scammers use names similar to well-known charities and flood their communications with words like “hero,” “sacrifice” and “disabled” to pull on the heartstrings of compassionate Americans. Oftentimes, these fake charities will create targeted lists by searching social media for people who support the military. Other times, these scammers will imitate existing fundraisers or charities around military observances—such as Veterans Day—when the military is top of mind.” The top red flags of a veteran charity scam may include:
1. Receiving a thank you for a donation you don’t remember making
Fake charities will thank you for a donation that you never made in hopes that you will give “again” without questioning the legitimacy of their organization. If you receive communication that praises you for a donation you don’t remember making, proceed with caution.
2. Refusal to provide charity information
If a charity refuses to provide basic information about the organization itself or how your donation will be used, be wary. Legitimate organizations are happy to provide you with answers to all your questions before you donate. Prior to donating to any charity, we recommend doing some research. Search the charity’s name on sites like GuideStar, Charity Navigator or the BBB Wise Giving Alliance, which provide donors with free access to data, tools, and resources to make informative giving decisions.
3. Use of high-pressure tactics
Real charities appreciate donations whenever you are ready to give, so be wary of anyone who pressures you to donate right away. They are trying to get your money before you have time to do research or question their legitimacy. If someone is using high-pressure tactics to try to get you to donate, hang up or don’t respond until you’ve had time to do some investigating. We recommend running an internet search of the charity’s name followed by the word “scam” or “complaint”.
4. Requests for unusual payment method
If the charity asks you to donate using an unusual payment method like gift cards, cryptocurrency, cash or money transfer, it’s a scam. Scammers like these types of payment methods because they are untraceable. Credit cards or checks are much safer payment methods that can be tracked down if something goes wrong—and a legitimate charity will gladly accept these types of payment methods.
5. Demand for personal information
If a charity asks you to provide personal information—such as your Social Security Number or bank account number—it’s a scam. Real charities don’t need this type of information to process a donation. If you are required to provide personal information you aren’t comfortable sharing, look for another charity to donate to. To find a reputable charity, search for well-known organizations that support the cause you’re interested in.
Veterans Day is a day for honoring those who have sacrificed their lives for our freedom. Sadly, veteran charity scams look to take advantage of Americans who wish to give back. Remember, when in doubt, do your research! Reputable charities will not pressure you into making a donation without answering your questions, and they will never ask for sensitive information. If you are targeted by a scammer, report it to the Federal Trade Commission at ReportFraud.FTC.gov.
Information retrieved from FightCybercrime.org. To view the full article and learn more about Veterans Day scams, visit:
https://fightcybercrime.org/blog/how-to-spot-veteran-charity-scams/
UWF Experts Works to Protects Cars from Cyberattacks
“Almost all modern automotive vehicles are equipped with some form of electronic connectivity through GPS devices, smartphones, telematics devices, roadside sensor units, on-board devices, WiFi, among others,” Francia said. “On one hand, these connectivity features provide newly found conveniences. On the other hand, they provide an expanded attack surface that adversaries can take advantage of.”
Francia explained one example is an adversary successfully taking control of a vehicle’s speed on a busy interstate highway. He has been part of a research group known as the Transatlantic (US-Ireland-Northern Ireland) working group on IoT/CPS Cybersecurity Research. Their research has uncovered several cyber threats related to connected vehicles including that the radio frequency signal from keyless remote fob transmitter can be intercepted and cloned for replay attack; the vulnerabilities in automotive controls due to insecure communication channels; the susceptibility of the inter-vehicle network due to an insecure protocol; and the viability of Machine Learning techniques in recognizing various attacks on the vehicle network.
Francia’s research project on securing connected cars from cybersecurity threats began in 2019. It has received funding support from the National Security Agency, the Florida Center for Cybersecurity, the Office on Naval Research and the Florida Department of Transportation. The workshop was supported by the National Science Foundation (USA), Department for the Economy (Northern Ireland), and Science Foundation of Ireland (Republic of Ireland).
For more information on UWF’s Center for Cybersecurity, visit uwf.edu/cyber.
Article available at https://news.uwf.edu/uwf-cybersecurity-expert-shares-research-on-connected-vehicle-security-warns-of-vulnerabilities-in-modern-vehicles/.
Cyber Florida Launches Statewide Cybersecurity Risk Assessment for Critical Infrastructure
Oct. 21, 2022—Tampa, Fla– The Florida Center for Cybersecurity (Cyber Florida) at the University of South Florida and Florida Digital Service are working together to launch the state’s first statewide assessment of both public and private critical infrastructure cybersecurity pursuant to House Bill 5001, Appropriation 2944B. The appropriation provides $7 million in funding to Cyber Florida to “conduct a comprehensive risk assessment of the state’s critical infrastructure and provide recommendations to support actionable solutions for improvement of the state’s preparedness and resilience to significant cybersecurity incidents.”
The assessment is part of a significant investment by the Florida Legislature to enhance the state’s cyber resiliency, dubbed “CyberSecureFlorida.” The initiative also includes a $30-million statewide cybersecurity awareness and upskilling training program for public sector employees and establishing a cyber range to help public cybersecurity and information technology professionals learn to detect, prevent, and mitigate cyberattacks. Law enforcement personnel will also be able to use the cyber range to learn digital forensics and evidence-gathering techniques.
“Florida lawmakers have made an unprecedented investment in the state’s cyber resiliency,” said General (Ret.) Frank McKenzie, Executive Director of Cyber Florida. He continued, “This risk assessment will enable Cyber Florida to start building a statewide community of cybersecurity leaders and practitioners centered on Florida’s collective cyber resiliency.”
The assessment consists of an online survey of roughly 150 questions using the Cyber Security Evaluation Tool (CSET) created by the Idaho National Laboratory and the Department of Homeland Security. Cyber Florida is leveraging Idaho National Laboratory’s critical infrastructure cybersecurity expertise through a Strategic Partnership Project (SPP). Florida is the first state in the nation to conduct a statewide survey using CSET.
The CSET link will open on Oct. 20, 2022, at cybersecureflorida.org. Participation is voluntary, and Cyber Florida is encouraging all critical infrastructure organizations in the state, both public and private, to participate. Participants will receive a custom risk assessment report for their organization, which they can use to apply for potential grant funding. All data will be kept confidential and housed on secure servers at Cyber Florida’s host institution, the University of South Florida.
The data will be compiled and reviewed by researchers at MITRE working with Cyber Florida to create a report for the Florida Legislature and Governor DeSantis. The report will outline the aggregate, anonymized findings and recommend potential legislation and funding initiatives to enhance and fortify the state’s critical infrastructure cybersecurity posture.
To learn more about the assessment, please visit cyberflorida.org/cybersecureflorida/.
ABOUT CYBER FLORIDA
The Florida Center for Cybersecurity, also known as Cyber Florida, was established by the Florida Legislature in 2014 to help position Florida as a national leader in cybersecurity through education, research, and outreach. Hosted by the University of South Florida, Cyber Florida leads an array of initiatives to inspire and educate future and current professionals, support industry-advancing research, and help people and organizations better understand cyber threats and what they can do to stay safer in cyberspace.
###
Cyber Florida Names Ernest Ferraresso as New Director
October 4, 2022 – Tampa, Fla. – The Florida Center for Cybersecurity at the University of South Florida (USF), also known as Cyber Florida, is delighted to announce that Ernest “Ernie” Ferraresso has been selected to serve as Cyber Florida’s new Director, overseeing the center’s day-to-day operations under Executive Director General (Ret.) Frank McKenzie.
Ferraresso previously served as Cyber Florida’s Associate Director of Programs and Partnerships, leading numerous essential projects and initiatives and helping the center grow from a regional entity to a statewide organization. Among his achievements, Ferraresso built strategic public and private partnerships across Florida to forge a strong cyber workforce and worked to implement programs focusing on education, research, and engagement to advance Florida’s cyber resilience
Before joining Cyber Florida in 2017, Ferraresso was Director of Operations for a small technology design and integration firm, overseeing the design and implementation of cybersecurity and emergency operations center technology solutions in the U.S. and Latin America. He is a retired U.S. Marine Intelligence Officer whose work included assignments with U.S. Special Operations Forces, the Intelligence Community, the George C. Marshall European Center for Security Studies, and U.S. Cyber Command.
“Ernie is a highly respected member of the Cyber Florida team,” said General (Ret.) Frank McKenzie. “His expertise, prior exemplary service at Cyber Florida, collaborative leadership style, and ongoing commitment to the mission made him the standout candidate for this role. I am entirely confident that, under his leadership, Cyber Florida will continue to flourish and secure its rightful place as the nation’s preeminent center for cybersecurity.”
Ferraresso describes his vision for Cyber Florida’s future as being the mechanism at the heart of Florida’s efforts to stand as the national model for a statewide culture of cyber resiliency and collaboration. “Florida has made significant investments in advancing public sector cybersecurity as well as building a robust cyber industry and workforce across the state,” noted Ferraresso. He continued, “There are many entities, both public and private, working toward the same goals across the state, and I see Cyber Florida as the nexus of these efforts, connecting, enabling, and facilitating the initiatives and resources needed for Florida to realize its goal of being the national leader in cybersecurity.”
ABOUT CYBER FLORI
The Florida Center for Cybersecurity, also known as Cyber Florida, was established by the Florida Legislature in 2014 to help position Florida as a national leader in cybersecurity through education, research, and outreach. Hosted by the University of South Florida, Cyber Florida leads a spectrum of initiatives to inspire and educate future and current professionals, support industry-advancing research, and help people and organizations better understand cyber threats and what they can do to stay safer in cyberspace.
###
Three UCF Students Drafted for Official 2023 US Cyber Team
Congratulations to the three University of Central Florida students who were recently drafted for the ultra-competitive US Cyber Team!
Caitlin Whitehead, Matthew McKeever, and Cameron Whitehead, all members of the UCF Collegiate Cybersecurity Competition Team and members of the Collegiate Cyber Defense Club (hackucf.org), were selected to represent the United States at various global scrimmages and the International Cybersecurity Challenge (ICC) in 2023.
Over 1,200 athletes from across the nation competed in the Season II US Cyber Open CTF Competition, after which a select group of the top 85 athletes were invited to train and compete in the US Cyber Combine Invitational. The US Cyber Combine is an inclusive, virtual camp focused on athlete training, evaluation, observation, and engagement to provide coaches an opportunity to identify high potential athletes for the US Cyber Team. The selection of the Season II, US Cyber Team took place during a Draft Day program where the top 25 cybersecurity athletes were selected to represent the United States.
Student Loan Forgiveness Scams Are On The Rise
There’s no question that student loan debt is a major problem for many people in the U.S. In fact, researchers estimate that there are currently more than 44 million Americans with student loan debt, and the average U.S. household that has student loan debt owes just over $57,000. With so much debt, it’s no wonder that there are people out there who are looking for ways to get rid of it. And that’s where student loan forgiveness scams come in.
There are a lot of companies and individuals out there who claim they can help you get your student loans forgiven. But the truth is, most of these offers are too good to be true. And if you’re not careful, you could end up getting scammed.
Recognizing a Federal Student Loan Forgiveness Scam
There are a few different types of student loan forgiveness scams out there. Here are three of the most common:
The company promises loan forgiveness for a fee. This is probably the most common type of scam. But the truth is, you don’t need to pay anyone to get your loans forgiven. The government has a number of programs that can help you get rid of your debt, and you can apply for them for free.
The company promises to lower your monthly payments. This is something you can do for free. There are a number of government programs that can help you lower your payments, and you don’t need to pay anyone to access them.
The company promises to consolidate your loans. This can be a good thing or a bad thing, depending on the interest rate you’re currently paying. If you’re consolidating your loans at a lower interest rate, it can save you money. But if you’re consolidating your loans at a higher interest rate, it could end up costing you more in the long run.
If you’re considering student loan forgiveness watch out for:
- Guarantees: Be wary of any company or individual that promises to guarantee your student loan forgiveness. The truth is, there’s no such thing as guaranteed student loan forgiveness. So if someone tells you they can guarantee it, they’re probably lying.
- Upfront Fees: You should never have to pay any upfront fees for student loan repayment assistance. If someone asks you to pay an upfront fee, it’s a good sign that they’re a scammer.
- High Pressure Sales Tactics: Be wary of anyone who’s pressuring you to sign up for their program or make a decision right away. If someone is trying to rush you, it’s likely because they’re not legitimate.
- Promises of Quick Forgiveness: Be careful of anyone who promises quick and easy student loan forgiveness. The truth is, the process can take years. So if someone tells you they can get your loans forgiven quickly, they’re probably not being honest.
- Outrageous Claims: Be skeptical of anyone who makes outrageous claims about student loan forgiveness. For example, if someone tells you that you can have your loans forgiven in a matter of weeks, it’s probably too good to be true.
Immediate Action Steps
If you think you may have been a victim of a student loan forgiveness scam, it is important to take action right away to protect yourself and your finances. Here are some steps to take if you are scammed:
- Contact the three major credit agencies: Equifax, Experian and Transunion. Although loan scammers mostly focus on the fees, your personal information is in danger. Consider placing a freeze or fraud alert on your credit report. This will prohibit the scammer from opening new accounts in your name.
- Call your bank or credit card company right away if you paid a fee using your debit or credit card. By immediately reporting the transaction as fraudulent, you might be able to prevent paying the fee. They can also help you change any compromised accounts.
- Get in touch with your official loan servicer. They will be able to help guide you to secure your account and can help you with repayment.
- Update your FSA ID password right away if you gave the scam company your FSA ID.
Reporting the Scams
Reporting student loan forgiveness scams is crucial to helping others avoid being scammed. As a society, the more people that report online scams and fraud, the more national reporting data that is collected, and the better chance law enforcement has to catch the criminals and decrease cybercrime.
Whether you provided financial or personal information to scammers or not, report the incident to the following authorities:
- The Internet Crime Complaint Center: The IC3 will review your report and refer it to the appropriate federal, state, local and international agencies if necessary.
- Consumer Finance Protection Bureau: While the CFPB might now be able to help with specific case, they will use your complaint to shut down fraudulent companies.
- Your State Attorney General: Many State Attorney Generals take student loan forgiveness scams very seriously.
Find Legitimate Help for Student Loan Forgiveness
There are a number of government programs that help with loan forgiveness. And you can access these programs for free. So there’s no need to pay anyone for help. The U.S. Department of Education (ED) offers free and legitimate student loan forgiveness programs. Contact your official loan servicer to find out if you qualify.
If you’re considering student loan forgiveness, make sure you do your research and be careful of scams. There are a lot of companies and individuals out there who will try to take advantage of you. But if you’re aware of the signs of a scam, you can protect yourself.
To learn more about other scams affecting students, visit our education/scholarship scams page.
Article retrieved from Fight Cybercrime. View the original article: https://fightcybercrime.org/blog/student-loan-forgiveness-scams-are-on-the-rise/
Cyber Florida Staff Director Dr. Ron Sanders Retires
July 18, 2022—TAMPA, FL: After helping to oversee a period of rapid change and dramatic growth at the Florida Center for Cybersecurity (also known as Cyber Florida), Staff Director Ron Sanders, DPA, has announced his retirement. Dr. Sanders first served as a member of the Board of Advisors upon the center’s founding in 2013. In 2020, he was brought on as staff director under former Executive Director Mike McConnell, VADM, USN, Ret., who has also recently retired. During his tenure as staff director, Dr. Sanders championed several new initiatives that garnered national recognition for the center and helped secure significant new funding for a series of efforts to improve the state’s overall cybersecurity posture.
“I am grateful to Dr. Sanders for his many notable contributions to this organization,” said the center’s new executive director, General (Retired) Frank McKenzie. He continued, “His leadership was instrumental in elevating Cyber Florida to national prominence, and together, he and VADM McConnell built an impressive legacy. I’m proud to carry on the remarkable momentum they created and wish Dr. Sanders well in retirement.”
Dr. Sanders’ career includes nearly three decades of decorated civil service. Among his many accomplishments, he helped lead the historic post-Cold War transformation of the U.S. Defense Department and the post-9/11 stand-up of the Department of Homeland Security and the Office of National Intelligence. He managed the recruiting, development, and deployment of thousands of new intelligence officers to fight the Global War on Terror and the restructuring of the IRS. He helped establish the United Arab Emirates’ cybersecurity and space agencies and China’s National School of Administration. He was also a presidential appointee, serving as chair of the U.S. Federal Salary Council from 2017 to 2020.
Dr. Sanders is the recipient of three Presidential Rank Awards (from DOD, IRS, and the U.S. Office of Personnel Management), two Teddy Roosevelt Distinguished Public Service Awards, and the National Intelligence Distinguished Service Medal. He is the author of four books and has served on the faculty of several distinguished institutions, including George Washington University, The Brookings Institution, and the University of South Florida.
During his tenure with Cyber Florida, he led the transformation of the University of South Florida’s online M.S. in Cybersecurity into four independent cyber-focused master’s degree programs to better align with employer needs. He advocated for the launch of the center’s highly successful Operation K12 program, and his passion for public service led him to create the Cyber Citizenship Education initiative, designed to teach K-12 students to navigate online misinformation and disinformation, among other accomplishments.
ABOUT CYBER FLORIDA
The Florida Center for Cybersecurity, also known as Cyber Florida, was established by the Florida Legislature in 2014 to help position Florida as a national leader in cybersecurity through education, research, and outreach. Hosted by the University of South Florida, Cyber Florida leads a spectrum of initiatives to inspire and educate future and current professionals, support industry-advancing research, and help people and organizations better understand cyber threats and what they can do to stay safer in cyberspace.
###
Cyber Florida Says Goodbye to Executive Director, Welcomes New Leadership
After a highly distinguished career in public service spanning more than five decades, the Honorable J. Michael “Mike” McConnell, VADM, USN, Ret., has retired as executive director of the Florida Center for Cybersecurity at the University of South Florida (USF), also known as “Cyber Florida” as of June 30, 2022. General Frank McKenzie, USMC, Ret., has been appointed by USF President Rhea Law to be Cyber Florida’s new executive director. General McKenzie will also be leading USF’s new Global and National Security Institute [link to USF news article].
McConnell first served as chair of the board of advisors upon the center’s launch in 2013. He assumed the role of executive director in February 2020 at the behest of then-USF President Steven C. Currall. During his two-and-a-half-year tenure, McConnell elevated Cyber Florida from a regional center to a truly statewide entity, helping to guide policy at the state level and expanding the center’s reach beyond the State University System of Florida to include the Florida College System and the state’s public school districts, the state’s defense extensive defense industry, and several federal agencies. Under his guidance, the center also forged strong relationships with Florida’s military community, robust defense industry, and several federal agencies, including helping to bring in several million dollars in grants from the National Security Agency.
“We sincerely thank Vice Admiral McConnell for his decorated career of service to our country and his many important contributions to the success of Cyber Florida. We wish him the best in a well-deserved retirement,” USF President Rhea Law said. “With the foundation Vice Admiral McConnell helped establish, I look forward to seeing Cyber Florida continue to strengthen the cybersecurity industry across our state and the nation in the future.”
General Frank McKenzie, who recently retired from the U.S. Marine Corps as commander of U.S. Central Command, has taken over as Cyber Florida’s new executive director as well as leading USF’s new Global and National Security Institute.
“Vice Admiral McConnell has set Cyber Florida on a solid trajectory to position Florida as a national industry leader and model state for cybersecurity, and I intend to carry on that mission leveraging the strong momentum he and his team have created,” said McKenzie.