Cybersecurity Awareness Month features virtual events and a campus-wide phishing simulation

October 1, 2021
Dewight Kramer
Chief Information Security Officer
Information Technology Solutions
October 1, 2021

Ghosts, ghouls, and… cybercriminals? October is the month of Halloween, but it is also the month of Cyber Security Awareness.  

Throughout the month of October you’re invited to participate, along with your peers at other UCs, by attending interesting and informative cyber security events hosted by the University of California and UCR Information Technology Solutions (ITS). Best of all, your participation makes you eligible to win cool prizes, such as an ITS power bank, laptop sleeve, or even an iPad! Visit https://its.ucr.edu/cybersmart for more information about CSAM 2021 and cyber security best practices. 

The purpose of CSAM is to bring awareness to common cyber security threats and mitigating resources to help everyone stay safe and secure online. This is important because UC Riverside is a prime target of attacks from cybercriminals, including but not limited to phishing, ransomware, and job offer scams. In fact, some of these attacks have already claimed victims at UCR this year. The financial, mental, and emotional toll of cyber crime is immense, which is why ITS wants to remind the Highlander community to follow cybersmart practices and remain vigilant when working online. 

To help arm the Highlander Community with the skills they need to defend themselves from common cyberattacks, ITS will also commence campus-wide phishing simulations in October. 

Phishing (pronounced ‘fishing’) is one of the most common attack methods used by cybercriminals today. In fact, over 91 percent of cyber-attacks start with a phishing email, and three out of four organizations have experienced phishing attacks. Phishing emails are crafted to look legitimate but contain malicious programming or content used to capture sensitive data, which can put you and UC Riverside at risk.

Ongoing training on how to identify and avoid phishing scams is critical to cybersecurity at UCR, which is why ITS is operationalizing phishing simulations. This means that at any given moment an email could be sent to UCR faculty, staff, and/or students (@ucr.edu addresses) that will closely mimic an email phishing scam. Your job is to identify these phishing simulation emails and follow the steps to report phishing to the ITS Information Security Office. 

If you accidentally engage with one of the phishing simulation emails, you will be presented with a ‘learning moment’ containing tips and reminders on how to avoid phishing scams. A high-level "campus report card" will be created and shared with campus administrators on a regular basis to give insight into our campus’ cybersmart practices. Please be aware that any engagements with phishing simulation emails will not be reported at the individual level.

The use of this type of phishing campaign to assess a campus’ risk of cyberattack is not only common, it’s considered best practice among Information Security professionals. Phishing simulation campaigns are a common tool in organizations to educate users and mitigate actual phishing attacks by assessing the organization’s level of preparedness and response. Although phishing campaigns are not a silverbullet and have their limitations it is a useful one tool.

The global shift to remote work has galvanized cybercriminals to increase the complexity and frequency of their attacks. Generally, there are simple ways to spot a phishing email. Here are some warning signs to look out for:

•    Bad grammar or punctuation may be a sign, but we weary that cybercriminals have stepped up their game; misspellings in names or odd/uncommon word choices may be a better indicator 

•    Strange fonts or paragraph spacing 

•    Slightly modified email addresses 

•    Forms that ask for sensitive information like usernames and passwords

•    Links to strange websites

•    Requests for money or passwords from what appears to be a “trusted” person

•    A request for you to do something that gives you pause – trust your gut! If alarm bells are going off, it may be a scam. 

For more cybersmart tips and tricks, visit https://its.ucr.edu/cybersmart

Cyberspace can be a dark and scary place, but together we can shed light on the potential dangers and arm ourselves with the knowledge and resources needed to stay safe. We hope you’ll join us at the CSAM 2021 events!