The Federal Bureau of Investigation (FBI) notified our Information Security Office last week that they have seen an increase in email phishing attacks at universities across the country. Our monitoring and analysis of activity on campus confirms their report.
With the 2019 tax season upon us, tax filing related scams may be next to hit our campus. We are reaching out to UA’s financial and business personnel with some important reminders to keep employees, as well as UA systems and data secure.
Be wary of emails. Scammers are getting more clever and increasingly targeted with their phishing attempts. Recent phishing emails sent to campus include invitations, gift card offers/requests, and wire transfers where emails appear to come from "President Robbins" or other senior administrators. Neither President Robbins, nor anyone else from university management, will ever ask you for your NetID password or money.
Tax season is a prime time for cybercriminals to conduct email phishing scams involving identity theft and W-2 information. The Internal Revenue Service is warning employers to be on the lookout for emails asking for sensitive W-2 information.
Practice safe computing at work. As a heavy user of the UAccess systems, particularly UAccess Financials, remember to close your browser after every session. Ensure you lock or log off of your work computer if you are away from your desk or leaving work for the day. This way, if your computer is stolen, the thief cannot access university data or your personal information. Finally, check with your IT support to ensure that your computer is encrypted.
Get informed. Training is the best way to know how to keep your information secure at work and at home. Annual information security awareness training is required for all UA employees and Designated Campus Colleagues to complete by April 30, 2019. About 3,500 employees have completed the training so far. Awareness training instructions are available on the Information Security website.
Be vigilant. If you receive an email or phone call that you think might be a phishing attempt, report it as soon as possible by contacting our Information Security Office at firstname.lastname@example.org or 520-621-6700. The Information Security Office will review the report, investigate it, and alert campus, if necessary. You may also review the Information Security Office's phishing alerts which list the most recent campus scam attempts.
Thank you in advance for helping to keep UA secure.
Barry Brummund Lanita Collette
Chief Information Officer Chief Information Security Officer
The University of Arizona University of Arizona
520-621-9723 (520) 621-9192