UNT System Information Security Launches Phishing Awareness Campaign

One of the most common techniques that hackers use to gain sensitive information from people is by phishing, which is a fraudulent email attempt to lure people into sharing their personal, financial and other sensitive information. Once the information is shared, the hackers then use that information to gain access to personal accounts. Every day phishing scams are becoming more sophisticated, so it is important as an employee to be aware of phishing techniques to avoid your work email account and information being compromised.

To help educate employees on recognizing phishing attempts, UNT System Information Security has purchased a phishing awareness assessment product from the SANS Institute.  Employees may already be familiar with SANS through the Securing the Human online security awareness training.

The phishing awareness assessment product will allow UNT System Information Security to send simulated phishing emails that in return provide security awareness training to those who are enticed by the phishing email.  The simulated phishing emails will be followed up with information on what the indicators were that the phishing email was not valid and why training and awareness is important.  The goal is to increase the security awareness in our community and provide education through experience. By understanding how to detect a phishing attempt, employees can help protect themselves and keep UNT System safe from cyber criminals.

There are several things you can look for to determine if an email is a phishing attempt:

·       The message requests UNT information from a site that is not affiliated with a UNT institution or one that we do business with.

·        The message contains URLs (links) in the body of the email that do not match what is shown in the email address or footer.

·       The message requires that something be done immediately, such as "within the next 24 hours".

·       The message contains a request for any type of sensitive information.

·       The message contains simple and recurring misspellings or grammatical errors.

Things to keep in mind when dealing with a potential phishing scam:

• Never click on a suspicious link as it could lead to a malicious site
• If the email is supposedly from a financial institution or another government agency, contact them through alternate means to confirm the email's legitimacy
• Never make personal or financial information publicly available
• Our staff will never directly ask you for your password

To learn more about phishing, visit this page. If you have doubts about an email sent to you, or believe you may have unintentionally divulged sensitive information, contact your computer support personnel or email security@untsystem.edu.