Top 10 Cybersecurity Tips for UofL Users

Yes, cyber criminals love to target you! As part of a university, whether you are a student or employee, scammers are looking to you for a way to access our systems and protected data. The beginning of a semester, start of a new year and the typical changes that happen when everyone returns to campus brings a new wave of phishing or online scams to the university community. Cyber criminals will try to scam you with too-good-to-be true deals or even fake payment requests. Their tactics typically include malicious links that install malware on our devices or fraudulent websites that can steal your identity. 

Protect your devices and UofL accounts against scammers

Take these steps before making any online purchases to help protect your devices, personal and financial information, and accounts. 

1. Update your software and operating systems. Software updates protect you against known threats—but only if you install them. Update software on all devices you’re using for online shopping. Better yet, enable automatic software updates to make things easier. 
2. Use strong passwords. Strong passwords are long (at least 16 characters), random and unique for each account. At minimum, strengthen passwords for personal financial accounts and all university systems. 
3. Use a password manager. A “trusted source” password manager can generate, save and fill in strong passwords for you. ITS recommends Bitwarden for university devices and accounts.
4. Use UL2FCTR (Duo) or multifactor authentication. Employing a second step to prove your identity when logging into any account or system, like entering a code sent to you keeps your accounts safer than a password alone. Turn it on for every account that offers it as an option. And never give a code or texted passkey number to anyone.

Protect yourself and UofL by increasing your cyberawareness

Learning to recognize phishing and smishing attempts is the best way to prevent the most frequently used scamming method. With AI and online trolling, cybercriminals are getting even better at their schemes. A typical scam can begin with link to a bogus website or a social media ad that promises a deal or free perks. 

5. Beware the PHISH. Most of us receive emails from university offices or UofL-affiliated vendors about our academic or business needs. Cyber criminals will often send phishing messages, designed to look like they’re from administrators or retailers, that have malicious links, technology requests or ask you for personal or financial information.
6. Don’t click links or download attachments in messages you aren’t expecting. Verify the sender – does it have the red caution bar at the top of the email? If you’re unsure if a message is legitimate, use a search engine to look up the office or company’s website and contact information. Unusual email domains or URLs that do not end in .edu is a warning sign of a scam. 
7. Be wary of requests for information or payment. Scammers may attempt to trick you into giving them information through text or email. Legitimate university offices won’t ask for sensitive information in this manner. Common scams ask you to verify your home address or confirm your account. Emails that demand an urgent need for something or a specific form of payment by wire, gift card or money order – these are most likely a scam. 
8. Report scams. If you receive a suspicious email that you think may be a phishing scam, report it using your Outlook “Report” feature. Don’t reply or click any “unsubscribe” link. Using the “Report” feature alerts our cybersecurity team of the type of phishing email that frequent our users’ inboxes and helps prevent future scams. 
9. Look for the 🔒. Pay close attention to the URL or website address. Malicious websites do their best to appear very professional or look like UofL sign-in window. Look in your browser’s location bar to make sure the website address begins with “https” instead of just “http”. Always ensure the padlock icon is locked. 
10. Be a skeptical proofreader. Look for typos or misplaced letters, poor grammar and unfamiliar phrasing of any request. Would your advisor or our ITS HelpDesk really be asking you, in this manner or for the reason listed, to update your password? Scammers usually provide limited, incorrect or suspicious contact info and are not verifiable university services. 

If you have questions or believe that you may have fallen victim to a cybersecurity scam, please contact the UofL ITS HelpDesk online or at (502) 852-7997. We’re here to assist you with the resources necessary. 

* Information in this article was taken from the Cybersecurity & Infrastructure Security Agency (CISA) online resources for cybersecurity best practices. See https://www.cisa.gov for additional topics, tools and alerts.