University of Delaware

Secure UD

Secure UD News: February 2018

Secure UD is the University of Delaware's comprehensive, community-oriented information security initiative. Raising awareness of cyber issues equips and empowers us to make informed, security-conscious decisions in our personal and work lives.

 

Secure UD Training refresh at the end of February

Secure UD Training for 2017 will conclude at the end of February, 2018. Employees who haven't already done so are strongly encouraged to complete this training.

2018 Secure UD Training will be released in March and will feature an improved learning environment and updated content. Participants will receive emails from the official email address of Secure UD, secadmin@udel.edu. As always, employees can log in to training through the Secure UD website.

As with last year, training will be delivered in two phases:

  • Phase I will be released in March and will remain available until the end of September.
  • Phase II will be released at the beginning of October and will remain available until early 2019.

Employees are strongly encouraged to complete 2017 Secure UD Training before the end of February, and to complete the phases of 2018 Secure UD Training as they become available.

Department heads may request a report of training completion within their units by sending an email to secadmin@udel.edu.

Take action! Complete your 2017 Secure UD Training today!


 

2018 Winter Olympics features a competition in cybersecurity

The Winter Games are changing to match our increasingly connected cultures: cybersecurity is becoming as much an event as any taking place on the ice or snow. Right beside news coverage of curling, skiing, and hockey are reports about the cyberattack that took down the official Pyeongchang 2018 website earlier this month.

The attack on the Olympic website is only one example—hackers have extensively targeted competitors, coaches, and support personnel using phishing attacks, malware, and other cyberweapons. Many scammers are also distributing phishing emails to viewers hoping to follow their favorite teams or events. Some of these scams claim to offer tickets or merchandise. And, as usually happens with major sporting events, hackers have also created fraudulent streaming sites that claim to offer high-def coverage, interviews, and other perks, but really offer malware. Some enterprising cybercriminals have even released their own malicious mobile apps for those hoping to get live updates.

Take action! Avoid Winter Olympics phishing scams and fraudulent streaming sites and apps. Follow reputable sources for coverage of the Games.


 

Tax and W-2 scams continue

Tax season continues this month. As many taxpayers eagerly await their returns, many scammers are trying to beat them to the punch. From January to April, criminals submit tens of thousands of fraudulent tax filings in an attempt to defraud the IRS of hundreds of millions in refunds. Although the IRS takes steps annually to identify and reject as many fraudulent filings as possible, attackers are persistent.

Protect yourself from tax fraud by filing your returns as early as possible.

Watch out for tax or IRS-related phishing and vishing scams as well. Scammers impersonate the IRS and contact taxpayers directly; some go so far as to threaten arrest or legal action if the taxpayers don't remit payment to a specified account or address. Remember, the IRS will never initiate contact with you via email or phone, especially not to demand payment or threaten you.

University employees, especially HR managers and liaisons, should also be vigilant for suspicious requests for W-2 files. Cybercriminals may impersonate University officials and ask for reports containing our employees' personal information. Double check requests for sensitive information by contacting the alleged sender separately for verification before you provide any data. You can also forward suspicious emails to reportaphish@udel.edu.

Take action! Watch for suspicious emails and forward them to reportaphish@udel.edu.


 

"Take a BITE out of phish!"

The Secure UD "Take a BITE out of phish!" campaign is an ongoing phishing awareness enhancement to Secure UD Training. Each month, a selected sample of employees will be presented with a harmless test phish that mimics the real attacks being launched against the University community. The tests are non-punitive and are intended to reinforce awareness and skills for recognizing suspicious, potentially dangerous emails. Annotated versions of test phish and real phishing attacks are posted to the Secure UD Threat Alerts blog.

Help UD take a BITE out of phish:

Think you can spot real and test phishing emails? Report suspicious emails by forwarding them to reportaphish@udel.edu. Your vigilance helps Secure UD.

Department heads may request phishing tests of their units, as well as Secure UD Training reports for their units, by emailing secadmin@udel.edu.

Take action! Forward suspicious emails to reportaphish@udel.edu.