UMMS ITS Security Team’s Tips to Reduce Your Holiday Cybersecurity Risk

The holidays are a time of increased cybersecurity risk. In an effort to protect you and UMMS, we are providing information on two specific concerns along with actions you can take to reduce your risk.

Fraudulent Package Delivery and Order Phishing Emails

Internet attackers (hackers) increasingly modify their Phishing email attacks around the holidays to deceive recipients into disclosing logon credentials or opening attached files containing malicious software. The attackers send very authentic-looking emails with urgent claims that a package could not be delivered to you, or that there was a problem with your order that requires immediate action. The emails usually contain a link to a fraudulent website intended to deceive you into entering your username and password.

When the attacker has your logon credentials, your account is compromised and fraudulent orders are often made, at your expense. Using the same username and password for other services makes it easier for attackers to gain access of those accounts as well. Opening these attachments and website links can also cause your computer to become infected from malicious software.

Actions to Take to Reduce Your Risk

  • Be extremely suspicious of emails with website links or attached files
  • Apply this Phishing checklist: If the email stresses urgency, has grammatical errors and a wrong or unknown sender email address, chances are it is an attack. Delete it, and do not open attachments or click on any links
  • Use different passwords for each Internet service you use
  • Never use your UMMS email address for non-work services

Marriott Breach Notification

This week, Marriott announced its Starwood Hotels reservation database has been breached.  Anyone who made a reservation for a Starwood property – which include Sheraton, Westin, W Hotels, St. Regis and others – between 2014 and September 2018 may have had their information stolen. This information could include names, credit card numbers, birth dates, arrival and checkout dates and passport numbers.

Actions to Take to Reduce Your Risk

  • Visit the website offered by Marriot to learn more, and consider using the free WebWatcher service offered
  • Be suspicious of any emails related to this incident. They may be Phishing attacks attempting to exploit the confusion and deceive you into disclosing information to the attacker
  • Review your credit card and bank statements carefully, and identify and report any questionable transactions

Password and Username Re-Use Increases Risk of Attack

It is easy to use the same password and/or username for your various services such as Amazon, LinkedIn, and your UMMS email and remote access. However, attackers have adapted their tactics to turn this to their advantage. When one Internet service is breached, they have begun automating the process of trying the captured usernames and passwords to gain access to other common Internet services. This has significantly increased the damage and cost of breaches, as more fraudulent orders and l data theft occurs as a result. This puts both you and UMMS at risk, if you use the same credentials for your UMMS login.

Actions to Take to Reduce Your Risk

  • Do not use your UMMS username or full email address for non-business purposes
  •   Avoid using the same username and password for multiple Internet services – ie. Amazon, eBay, Linkedin, etc.

Questions?

If you have any questions, please contact the UMMS ITS Security Team.