Last month was National Cyber Security Awareness Month (NCSAM). Each year, UD IT leverages this opportunity to promote community awareness of the threats to our digital lives and equip each and every community member with the skills and resources they need to protect themselves. By practicing good cyber hygiene, every member of the University community can help secure their personal information, our community, and our University.

Members of the University community were encouraged to follow UDaily throughout October for weekly articles and tips, complete Phase II of 2017 Secure UD Training, forward suspicious emails to reportaphish@udel.edu, and check the Secure UD Threat Alerts blog for current information about threats affecting the campus community.

Employees who completed their Secure UD Training before the end of October and/or forwarded October's "Take a BITE out of phish!" test email to reportaphish@udel.edu were automatically entered into a prize drawing.

Congratulations go out to our winners:

• Kyle McCarthy in Entomology & Wildlife Ecology,
• Sergeant Daniel Garibaldi of the UD Police Department,
• Linda Baird in Recreation Services, and
• Marsha Lockard in University Finance.

Thank you to these cyber champions—and to over 1000 other faculty and staff—who demonstrated their commitment to our community's security.

Take action! Treat every month like it's National Cyber Security Awareness Month. Stay alert and stay aware of the threats that could affect you. Scammers and hackers don't take breaks, and neither should we!

With Black Friday, Cyber Monday, and the holiday season just around the corner, it's important to stay aware of the possible scams aimed at holiday shoppers. Studies show phishing attacks increase significantly during the holiday season. Stay one step ahead of scammers by educating yourself about the risks:

• Watch for credit card fraud. Look over your statements a few times a month, especially if you're doing a lot of shopping. Make sure you recognize all of the transactions; if you see an unfamiliar charge, contact your card-issuing bank to investigate it. Cybercriminals will sometimes sneak in fraudulent transactions during busy shopping seasons hoping that the real account holders won't notice! Some banks offer apps that alert you for transactions, suspicious activities, or new statements. Consider using these to stay up-to-date on your activity.
• Be careful about providing personal information. Your email account, phone number, and especially bank account and credit card numbers are all valuable personal information that you should protect. Scammers may send realistic-looking phishing emails to shoppers asking to "confirm a shipment," "provide payment information," or "verify a travel booking," but they're really trying to steal your personal information. Think before you click on any link in an email, especially if you sense that something may be suspicious.
• Make sure you shop on legitimate websites. Always ensure that you're following links to correctly-spelled web addresses. Using fraudulent web addresses is a real and dangerous tactic: scammers use lookalike addresses like "anazon" (as opposed to "amazon") to lure unsuspecting shoppers into revealing personal information or downloading malware. Entering a fake site could mean big trouble for your computer and your information.

Don't let cybercriminals get the edge on you this holiday season. Educate yourself and others about the risk of scams, and exercise caution. If you get the sense that something's wrong with an offer, and email, or a website, trust your instincts.

Take action! Shop and travel safely this holiday season. Awareness and intuition are your best defenses against scammers, hackers, and other cybercriminals.

The Secure UD "Take a BITE out of phish!" campaign is an ongoing phishing awareness enhancement to Secure UD Training. Each month, a randomly-selected sample of employees will be presented with a harmless test phish that mimics the real attacks being launched against the University community. The tests are non-punitive, but employees are strongly encouraged to treat all suspicious emails as potentially dangerous.

Take a BITE out of phish:

• Be aware of the threat
• Identify the warning signs
• Tell us about suspicious messages
• Erase phish from your inbox

Think you can spot real and test phishing emails? Report suspicious emails by forwarding them to reportaphish@udel.edu. Your vigilance helps Secure UD.

Annotated versions of test phish and real phishing attacks are posted to the Secure UD Threat Alerts blog.

Department heads may request phishing tests of their units, as well as Secure UD Training reports for their units, by emailing secadmin@udel.edu.

Take action! Forward suspicious emails to reportaphish@udel.edu.