Cyber Security Awareness Month: If you connect it, protect it

October is National Cyber Security Awareness Month. Follow UBIT on X and Facebook all October long for #BeCyberSmart tips on securing your connected devices at home, school and work.

It’s easy to think of cyber security as protecting your own devices and personal information. But we live in an interconnected world, and when you practice cyber security, it makes all of us safer.

What can you do? Implementing stronger security practices is a good start. Make sure you use a strong, unique password every time you sign up for a new service; when you use the same password in multiple places, every account where you use that password becomes less secure.

Better yet, use a passphrase—like a password, but a longer phrase that’s easier for you to remember, and more secure too.

Next, level up your online security by studying up on the common types of scams that might target you and attempt to steal your money or personal information:

• Job/Internship scams: Someone contacts you, usually by email, and invites you to apply for or start a job or internship. Does it seem too good to be true? Make sure you know how to spot a scam. These emails might even look like they come from someone at UB.
• Scams impersonating people at UB: Scammers target students by sending email claiming to be real people from UB—faculty, supervisors, high-level employees or even other students—and asking them to make gift card purchases on their behalf. 
• Social media scams: Phishing happens on social media too. Be wary of links or attachments sent through direct messages on social media, even if those messages are coming from someone you know—their account might be compromised! Find out how to take control of your security settings on social media.
• Financial aid scams: At the beginning of the semester, scam emails often target college students with the goal of stealing their financial aid or refunds. Remember: UB will never ask for your password. You should never log into a website you arrived at through a link in an email—always type in the address yourself. 
• QR code scam: There’s a new phishing scam targeting the UB community. Fraudulent emails, posing as UB's HR department, claim that HR/Payroll shared a file with a QR code for access. Watch out for telltale signs: check the sender's email (it won't be a UB @buffalo.edu address), unusual subject lines, and the unusual request for QR code scanning. If you've fallen victim, change your UBITName password and reach out to UBIT Help Center immediately for support.
• Google Docs/M365 phishing scam: This scheme tricks individuals into granting access to their Google or Microsoft accounts by sending emails that appear to be from trusted sources, often indicating that the sender has shared a document with them and directing them to a what appears to be a Google or Microsoft sign-in page. In some cases, it may actually be a legitimate sign-in page. 
• Using what is called an adversary-in-the-middle (AitM) attack, the threat actor can insert themselves in such a way that when someone clicks the link and logs into the legitimate sign-in page, they are able to capture their credentials and their multi-factor authentication code (2FA code). The attacker can also use a fake Google or Microsoft log-in page that looks just like the real thing to capture credentials. Once the credentials are entered, cybercriminals can access personal information, send spam, and potentially commit identity theft. 
• Recognizing the signs of this scam, such as unexpected emails, generic greetings, urgency tactics, and suspicious URLs, is crucial to protecting your online security. To safeguard yourself, enable two-factor authentication, verify the sender's identity, and hover over links to preview URLs before clicking. Make sure to report any incidents to UBIT, which you can do online. 
• If you've fallen victim to the scam, immediately change your passwords, review account activity, and monitor your financial accounts for suspicious behavior.

If you have any reason to believe your UBITName account has been compromised, change your password immediately—log into the UBITName Manager at ubidm.buffalo.edu, or contact the UBIT Help Center at 716-645-3542, or online at buffalo.edu/ubit/help.

If you believe you are the victim of identity theft, you can report the theft and make a recovery plan at identitytheft.gov.

You can always find the latest tips and alerts about cyber security on the UBIT website—just visit buffalo.edu/ubit/safe.