Recent phishing campaigns targeting UF faculty and staff have shown an increasing sophistication, posing an increasing threat to UF. While previous attempts were generally obvious due to spelling errors or recognizable mistakes in content or layout, recent phishing emails have been difficult to immediately distinguish from genuine, UF department-sent emails.
Recent phishing attacks have affected faculty and staff from multiple UF campuses, compromising their GatorLink accounts. Compromised accounts can lead to compromised UF systems. Depending on personal browsing behavior, a phishing attack could also lead to personal information being stolen. Many of the recent phishing attempts feature a link containing ‘ufl’ as part of the URL, but the link actually sends the user to a non-UF site designed to steal your username and password.
To protect yourself and UF:
- Never click on a link in an email that takes you to a non-UF website where you’re asked to enter your UF credentials. A good practice is to hover your mouse pointer over the link and verify that it’s a ‘ufl.edu’
- Never send your GatorLink username and password by email! Remember: No one from the UF Computing Help Desk will EVER ask you for your password, either over the phone or by email!
A new Cyber Security @ UF class also can help employees become better equipped to spot phishing attempts and other information security issues. The two-hour class is available at Communicore and in the Hub. Visit https://training.it.ufl.edu/ to view the calendar and to register for Cyber Security @ UF. The class is also available for departments and units as an on-site training. Anyone interested in on-site training may contact UFIT Training Manager Ashley Weser to discuss scheduling dates.