One of the many events held to celebrate October as Cybersecurity month was the Cyber Threat Brief with Scott Hellman from the FBI. This live discussion, hosted by Stanford University, centered on the most common cyber threats the FBI sees, how people are targeted, and basic methods to protect yourself. The amount of damage cyber attacks cost is… Read More »
To help you provide phishing awareness training in your unit ITS Information Assurance (IA) has published new phishing curriculum materials on Safe Computing!
If you manage U-M or unit systems, computers, or data, you are responsible for taking steps to protect them from ransomware. If you use U-M computing services, you are responsible for learning not to respond to phishing emails, which often provide entry to ransomware.
People are rightfully suspicious of unsolicited email, but that can sometimes cause them to ignore or delete your legitimate university communications. In order to not appear phishy, focus on helping recipients verify the legitimacy of your U-M emails so they know they are safe to open. Tips are available on the Safe Computing website.
To continue to improve IT security at U-M, the university is adding Area 1 Security to its mix of anti-phishing defenses.
Given the current infodemic related to the COVID-19 pandemic, it is harder than ever to get your important university information through to the people who need it. People are rightfully suspicious of unsolicited email, but that can sometimes cause them to ignore or delete your important, legitimate communications. Focus on helping recipients verify the legitimacy of your U-M… Read More »
Across the world, working from home has become a necessity. When you are working from home, follow IT security best practices to protect yourself and U-M: Secure your computer, smartphone, and other devices. Secure your connections to protect data you send and receive. Beware of phishing, scams, fraud, and other tricks and traps. Protect sensitive U-M data by… Read More »
A newly announced Google Faculty Research award will fund a research project on developing better phishing warnings co-led by School of Information assistant professor Florian Schaub. Phishing attacks trick victims into clicking malicious email links to get them to disclose sensitive information such as personal data and passwords, or install malware. Building on prior work, Schaub says this project… Read More »
Due to an increased threat of phishing attacks targeted at Michigan Medicine, remote access to Outlook email will change on November 21. Michigan Medicine email users will need to connect to the VPN or use Outlook on the Web anytime they are off the Michigan Medicine network. This change only impacts laptop or desktop computers — accessing email on… Read More »
You know about hovering over links in email with your mouse to see the destination URL before clicking. But what do you do on your smartphone or tablet where you don’t have a mouse or trackpad? Press the link and hold down till a dialog box appears.
Michigan Medicine employees can expect to receive simulated phishing emails from the Information Assurance department throughout the months of May and June.
You have an important university email to send, but how do you craft it so it looks like the official, trustworthy, communication it is? In other words, how do you keep people from thinking it is a phish? Email users are rightfully suspicious of unsolicited email, but that can sometimes cause them to ignore or delete your important,… Read More »
Information Assurance will soon introduce a “Report Phishing” button to the Outlook email system used within Michigan Medicine. The button will be handy way to report quickly and efficiently any email that seems a little “fishy.” Learn more on the HITS website.
Phishing emails often include links to fake Weblogin pages that look exactly like the real one. If you log in to the fake page, your password is stolen, and your U-M account could be compromised. The only clue it’s a fraudulent login page is the URL. Before entering your UMICH (Level 1) password, check that the page’s web… Read More »
Following successful pilots within the departments of Pathology and Family Medicine to identify and report simulated phishing emails, Information Assurance (IA) and Health Information Technology & Services (HITS) are gearing up to conduct a phased, anti-phishing educational awareness campaign throughout all of Michigan Medicine. HITS staff will be the initial target group to receive a series of simulated… Read More »
There’s a new address for reporting phishing emails at U-M: ReportPhish@umich.edu. When you use this new address, you send your phishing report directly to the Information Assurance (IA) staff members who focus on protecting the university community from phishing. They can quickly check your report and then add that information to the anti-phishing tools used to block malicious… Read More »
There’s a new address for reporting phishing emails at U-M: ReportPhish@umich.edu. Previously, people were asked to report phishing to the IT User Advocate at abuse@umich.edu, Information Assurance (IA) is now asking that these reports go to ReportPhish@umich.edu instead. We’ll use the new address for the UM-Ann Arbor campus, but Michigan Medicine is going to hold off on rolling out… Read More »
Are you interested in providing anti-phishing education through self-phishing in your unit? If so, be aware that any U-M unit considering such an effort is expected to abide by self-phishing guidelines and norms from Information Assurance (IA). The guidelines are intended to contribute to the success of your anti-phishing efforts and to share IA expertise based in part… Read More »
From July to September of this year, University of Michigan-Flint ITS, supported by the U-M Information Assurance Office (IA), conducted an awareness campaign on campus that resulted in a significant decrease in the number of users who fell for simulated phish emails. In addition to IA support, UM-Flint ITS groups that were also instrumental in this process included… Read More »
Beware of so-called “vishing” phone scams meant to trick you into giving money or personal information to a criminal.