Do Not Get Caught by a Phishing Scam

by Randy Hollowell, IT Services

October is National Cybersecurity Awareness Month, and this year’s theme is “See Yourself in Cyber.” With that in mind, let’s spend a little time reviewing some common ways scammers try to get your personal information -- and how to spot them so you don’t experience the heartache of falling for a phishing scam.

According to the Cybersecurity & Infrastructure Security Agency (CISA), 65 percent of Americans who went online received at least one online scam offer. That’s a little frightening. You don’t want to count yourself in that number. Let’s take a look at some of the ways you can ensure you’re staying safe online and not falling victim to phishing scams:

Educate yourself about what a phishing scam looks like

The best defense against phishing scams is education -- and learning how to spot scams from a mile away is a great strategy for keeping your information out of the hands of these malicious actors. Here are some quick questions to ask:

Who is the email from? If the signature indicates that the message was sent from someone at Miami, but the address in the actual “From” field doesn’t match Miami’s email server, that’s suspect.

What does the email want me to do? If someone is asking you to provide personal details, such as Social Security numbers or bank account routing information, chances are it’s a scam. That goes double if it’s the University president requesting this data. We promise, President Crawford will never (ever) ask for your SSN via email, and neither will IT Services.

Check the grammar. Oftentimes, these emails are written poorly, riddled with typos and grammatical snafus.

Read more about avoiding scams on the CISA site.

Don’t click that suspicious link!

If you get an email that already looks suspicious and requests information, don’t click any links that appear in that message. Often, clicking these links will download malicious content to your device and can result in a ransomware attack or worse.

In truth, when you’re online, you’re vulnerable. Practice safe internet browsing by using an encrypted network whenever possible, using Miami’s virtual private network (VPN) when off-campus and communicating back to Miami’s network, staying away from pop-up ads, and keeping your sensitive information close to the chest -- that includes your Social Security number, bank account information, and health care information.

Be aware -- your boss will never ask for your password

Business email compromise (BEC) scams accounted for $1.8 billion lost by businesses in 2020 -- which amounted to 37 percent of all losses. These nefarious schemes often involve someone spoofing a high-ranking person’s email account and messaging someone who works for that person to ask for account numbers, password details, and other sensitive information.

Your boss will never ask for your password. They don’t need it. They also will not ask for your bank account information and won’t ask you to send them gift cards. Period.

One way to spot a scam and make sure you’re actually speaking to your boss: if you receive a suspicious email, just give that person a call. “Did you send me this note?” If they did, they should be able to give you context. If not, you know you have a scammer on your hands.

Close-to-home scam

Recently, Miami’s Information Security Office received reports that a new scam email was making the rounds, and it has a very specific motive: to get your money.

The sender claims to be from the Best Buy Geek Squad, and the message informs recipients that they are subscribed to the Geek Squad service for $300 - $400. It also tells you to call a phone number if you feel this is wrong; the people who answer will then attempt to get money from you. An example of the note is shown below.

[Image: Email from Best Buy Geek Squad claiming the recipient owes money for their service subscription]

The information security team is aware of this scam. Please be aware: Do not respond to this message and do not call the phone number.

Stay vigilant

You have the power to prevent phishing attacks -- just educate yourself on the finer points of phishing scams. The Miami community as a whole is fairly good at pointing out phishing emails -- don’t forget you should forward these messages to so our Information Security Office can investigate them.

Don’t miss our weekly spot in the Miami Matters newsletter. We have a full security-focused content list planned for October. Be on the lookout for the hashtag #NCSAM on Twitter and Instagram and more news articles in this space, as well!

October is NCSAM

Each October, we celebrate National Cybersecurity Awareness Month by publishing safety tips, reminding Miami to stay vigilant in their internet use habits, and keeping everyone in the know about current scams. Check IT News for more information about staying Cyber Aware as NCSAM continues.

And remember: “Do Your Part. See Yourself in Cyber.”