Information Security

Recent Phishing Attempts

The following security awareness video has some important information you should know about phishing.





You will find valuable information in the following video as well.
Social Engineering & Phishing Video

Information Security has seen several recent attempts by hackers to obtain sensitive information from the UNT community through email. This practice, known as phishing, is on the rise. Some of these attempts can be quite convincing, with logos or disclaimers taken from legitimate websites. Before you click on any link inside an email, take a moment to consider its validity. There are several things you can look for to determine if a request is a phishing scam.

Common attributes of phishing messages:

• The message may appear to come from a local source (e.g., UNT) or local businesses (e.g., Wells Fargo Bank). The most frequently seen examples appear to be notices about email account suspension that require users to enter their user names and passwords into an online form to maintain access to their account.
• The message may use legitimate-looking corporate or organizational logos, idioms, disclaimers, or copyright information. It can appear to be an Amazon.com gift certificate, a UPS or FedEx shipping notice, a message from the IRS, or a fake fraud alert from a credit card company, PayPal, etc.
• The messages will likely lead to content hosted on sites that are different from the apparent origin of the message. For example, a message appearing to be from the “UNT Email Administrator” asking you to log into an account will link to a login form hosted on Google Docs.
• The message may include current events to add an air of legitimacy and to play on the phishing target’s emotions. Many of these targeted messages lead to fake charity or donation sites.
• The message may include implausible business opportunities, for example fake lottery winner announcements, fake job placements, work visa lottery scams, and fake business opportunities.
• The message requires that something be done immediately, such as "within the next 24 hours".
• The message requests UNT information from a site that's not affiliated with a UNT institution.
• The message contains a request for any type of sensitive information.
• The message contains simple and recurring misspellings or grammatical errors.
• The message contains URLs (links) in the message body that do not match what is shown in the email address or footer.

Consequences of falling for a phishing attempt:

• Identity theft
• Fraud
• Misuse of email accounts – using the account to send out spam and participate in phishing campaigns
• Deletion of all email in someone’s account and putting rules in place to delete incoming mail
• Compromised reputation of the UNT System and associated institutions – use of a compromised account affects our reputation as a legitimate mail sender

Things to keep in mind when dealing with a potential phishing scam:

• Never click on a suspicious link as it could lead to a malicious site
• If the e-mail is supposedly from a financial institution or government agency, contact them through other means to confirm the e-mail's legitimacy
• Never make personal or financial information publicly available
• UNT staff will never ask you for your password under any circumstances
• If you are worried your account may have been compromised, immediately change your password and your secret question by going to https://ams.unt.edu

If you have doubts about an email sent to you, or believe you may have unintentionally divulged sensitive information, contact your computer support personnel or email security@untsystem.edu.

Below are two examples of actual phishing attempts received at UNT. More examples can be found at our Phishing "Catch of the Day" page.

See also https://itss.untsystem.edu/googledocs.