Sam Horowitz, Chief Information Security Officer
Kip Bates, Associate Chief Information Security Officer
Another academic year is here, and classes are well underway. Among the other things you've probably noticed is that there's an election happening. Hidden among the cacophony of news and disinformation is a persistent threat. Phishing and other social engineering attacks are up about election topics. Unfortunately, they are up across other issues as well. Now more than ever, it's essential to be vigilant.
Our colleagues involved in research need to take extra precautions. The research at UCSB and across the University of California is among the best in the world. That research has economic value, especially to other countries that lack the research capability found in the UC. Entities, both governmental and private, use phishing and social engineering tools to gain access to the hard-won discoveries that happen here. Often, fraudsters masquerade as prominent researchers to engage their targets in a dialog that may ultimately lead to disclosing research or personal information. Don't fall for it!
The rest of us must not become complacent. Large and small phishing campaigns continue to besiege the campus. Little hooks like short subject lines asking things like, "are you available?" or only "available?" should be signs that you are a target. Remember, it's easy to forge a message so that it looks like it's from someone that didn't send it. Often these messages look like they came from vice-chancellors, deans, and department chairs. Their authority elicits a response.
Suppose you get a message from someone that you know; look at it carefully. Is it in the voice of the author? That is, does it sound like the person you know? These short messages intend to engage the target in a dialog and inevitably lead to some form of economic fraud.
Election fraud takes many forms. A common scam is to solicit campaign contributions for fraudulent organizations or political action committees. It's best to never click on a link soliciting funds or information in an email message. You can always navigate to the official website and find the right way to contribute or sign-up for some purpose. The same advice goes for charitable solicitations that will increase during the holiday season.
Remember, phishing doesn't happen only by email. Don't fall for the Microsoft or Apple support person calling you about a virus on your computer. This type of fraud leads to asking you to pay for a service infecting your computer with malware instead of removing the supposed virus. Links in text messages can also lead to phishing sites.
It's essential to remain on guard year-round. Be on high alert during the election and holiday season that will follow. This time of year will surely bring more fraud to our campus community, both in business and in your personal life. Don't fall victim.
Remember, October is National Cybersecurity Awareness Month. You can find information about seminars and events at security.ucsb.edu. Take a few minutes and check it out.