Digital Identity

  👋 Welcome to Digital Identity! Watch out for Homoglyph Attacks Not all web addresses are what they seem. A homoglyph attack uses look-alike characters to trick you—for example, university.edu vs. unіversity.edu (the “i” in the second link is Cyrillic, not English). At a glance, the sites look identical, but the fake one is designed to steal your login. To stay safe, always hover over links before clicking, type addresses directly into your browser, and use bookmarks for official portals. If something looks suspicious

      👋 Welcome to Digital Identity! Why Phishing Works: The Psychology at Play Phishing is successful because it manipulates how our brains make quick decisions. We like to think we're rational, but some of our decision-making is fast, emotional, and automatic. Scammers know this, and they design their messages with these in mind: Urgency and Fear  - a warning that your bank account will be frozen, or your email deleted, in 24 hours, creates panic, which short-circuits critical thinking. 

     👋 Welcome to Digital Identity! Why Phishing Preparedness Still Matters We are three weeks away from October, which is Cybersecurity Awareness Month. We're taking these few weeks to do a deeper dive into Phishing and both help explain why it is still a billion-dollar business, and how you can protect yourself and loved ones from being victims.  Phishing isn't a relic of the early internet. It is a thriving industry because it exploits something technology can't fix - human psychology. Firewalls, endpoint detection, and spam filters stop a lot, but they can't stop you from clicking a link if you are in a hurry or not paying attention. Almost 70% of data breaches involve the human. The solution is building resilience through awareness and good cyber hygiene habits. 

    👋 Welcome to Digital Identity! Deepfake-Enabled Phishing   – Emerging attacks now utilize AI-generated voices or videos to impersonate trusted individuals, making the scam even more difficult to detect.

     👋 Welcome to Digital Identity! Smishing (SMS Phishing)   Texts claiming to be from banks, shipping companies, or delivery services. These often push users to click a malicious link, either to steal their login information or download malware.

    👋 Welcome to Digital Identity! Business Email Compromise (BEC)   Attackers impersonate executives and trick finance teams into wiring money. These scams have cost organizations more than $55+ billion globally since 2013, according to the FBI.

   👋 Welcome to Digital Identity! The Access Scam    Fake emails warning that an account has been “locked due to suspicious activity.” Victims click to “restore access,” only to land on credential-harvesting sites.

  👋 Welcome to Digital Identity! Turn on Multi-Factor Authentication (MFA)  -  We use DUO, but if you have the opportunity to have MFA on personal accounts, specifically sensitive accounts like banking, use it. Even if your password is stolen, MFA can block unauthorized access.

   👋 Welcome to Digital Identity! Inspect links before opening  -  Hover over links to see where they actually lead. Look for odd spellings, extra characters, or domains that don’t end in your institution’s official  address.

  👋 Welcome to Digital Identity! Verify through official channels   - If someone claiming to be IT, a dean, or a vendor emails you with a request, don’t respond to the message directly.

  👋 Welcome to Digital Identity! Pause before you click   - If an email or text sounds urgent — “your account will be locked” or “respond immediately” — take a moment. Attackers use urgency to bypass your judgment.

     👋 Welcome to Digital Identity! Data Privacy Awareness You may not have been aware, but this past week was Data Privacy Week, a week dedicated to empowering individuals and businesses to respect privacy, safeguard data, and enable trust. It is only appropriate that this week's tip is on data privacy.  To protect your data privacy, knowing where your personal information is stored and shared is crucial. Here are some key points to consider: Know Where Your Data Is:  Regularly review the apps and services you use to understand what data they collect and how they store it. Limit Data Sharing:  Be cautious about sharing personal information online or with third-party services. Only provide necessary details and avoid oversharing. Review Privacy Settings:  Check and adjust the privacy settings on your devices, apps, and social media accounts to control who can access your information. Read Privacy Policies:  Take the time to read the privacy polic...

  👋 Welcome to Digital Identity! Think Before Posting Online Social media and academic forums are great for connecting, sharing research, or promoting campus life, but they can also expose more than you realize. Posting details about your class schedule, travel plans, research topics, or campus systems can give cybercriminals the clues they need to target you. Attackers often use public information to craft convincing phishing emails or social engineering attempts that seem personal and trustworthy. Before sharing, ask yourself: could this information be used to guess a password, answer a security question, or impersonate you? Keep personal and academic accounts separate when possible, adjust privacy settings regularly, and remember, once something is online, it can be difficult to take back

  👋 Welcome to Digital Identity! Windows 10 Has Reached End of Support — Time to Upgrade Your Defense When an operating system reaches end of life, the vendor stops issuing security patches, bug fixes, and technical support. That means new vulnerabilities discovered after today won’t be fixed, leaving your system increasingly exposed.  We have been advising people who use UTHSC Windows 10 machines that they need to upgrade. If your personal device was purchased before 2018, the hardware in that device cannot handle the software update to Windows 11. We highly recommend updating your devices to a supported operating system.  Once security updates stop, any zero-day vulnerability or exploit could leave your device and data at serious risk.

  👋 Welcome to Digital Identity! Check Your Browser’s Security Settings To start Cybersecurity Awareness Month, the tip today is about your web browser. Whether you use Chrome, Safari, Firefox, Edge, or others, most have a selection of security settings. Give yourself additional protection against malicious attacks. Choose higher levels of security. These settings can block certain types of scripts from running and reduce the permissions settings of the websites

  👋 Welcome to Digital Identity! It only takes one time.   Data breaches do not typically happen when a cybercriminal has hacked into an organization’s infrastructure. Many data breaches can be traced back to a single security vulnerability, phishing attempt, or instance of accidental exposure. Be wary of unusual sources, do not click on unknown links, and delete suspicious messages after reporting.

    👋 Welcome to Digital Identity! Social media is part of the fraud toolset.   By searching Google and scanning your organization’s social media sites, cybercriminals can gather information about your partners and vendors, as well as human resources and  finance departments. Employees should avoid oversharing on social media and should not conduct official business, exchange payments, or share PII on social media platforms.

    👋 Welcome to Digital Identity! Stay up to date.   Keep your software updated to the latest version available. Maintain your security settings to keep your information safe by turning on automatic updates so you don’t have to think about it and set your  security software to run regular scans.

   👋 Welcome to Digital Identity! Don’t make passwords easy to guess.   As “smart” or data-driven technology evolves, it is important to remember that security measures only work if used correctly by employees. Smart technology runs on data, meaning devices such as smartphones, laptop computers, wireless printers, and other devices are constantly exchanging data to complete tasks. Take proper security precautions and ensure correct configuration to wireless devices in order to prevent data breaches.

  👋 Welcome to Digital Identity! Never Reuse Passwords If you reuse passwords, a breach of one account becomes a breach of all of your accounts. If you use the same password for all of your accounts and a single account is breached, all of your accounts will become vulnerable. Always use completely unique passwords for each of your accounts. Don’t use variations of your password for separate sites, such as a base password that has a single alteration each time; these can be guessed

    👋 Welcome to Digital Identity! When in Doubt, Throw It Out Links in email, tweets, texts, posts, social media messages, and online advertising are the easiest way for cybercriminals to get sensitive information. Be wary of clicking on links or downloading anything that comes from a  stranger or that you were not expecting. Essentially, just don’t trust links. It is very much OK to delete them!

    👋 Welcome to Digital Identity! Watering Hole In a watering hole attack, a hacker infects a legitimate website that their targets are known to visit. Then, when their chosen victims log into the site, the hacker either captures their credentials and uses them to breach the target’s network, or they install a backdoor trojan to access the network. 

   👋 Welcome to Digital Identity! SMS Phishing SMS phishing is becoming a much larger problem as more organizations embrace texting as a primary method of communication. In one method of SMS phishing, scammers send text messages that spoof multi-factor authentication requests and redirect victims to malicious web pages that collect their credentials or install malware on their phones.

  👋 Welcome to Digital Identity! Be On Guard Against Unknown People Asking For Sensitive Data Social engineers may try to trick you into giving away sensitive information, such as user login names and passwords or credit card numbers. They may pose as authorized users or members of a security firm, for example. Remain on guard and verify the identity of any person making an unsolicited request before you give away information by phone, email, or in person

  👋 Welcome to Digital Identity! Protect Your Identity By Keeping Your Social Media Presence Clean On your social media accounts, minimize the amount of personal information that you display. In particular, minimize how visible your information is to any untrusted individuals. This way, those who are not approved to be your friend or contact on the platform will be less likely to view your personal information. Most sites offer this as a privacy option in the settings for your account. 

  👋 Welcome to Digital Identity! Don’t Become a Victim Twice to Identity Thieves Fake identity theft recovery services will target victims of identity theft. Hang up on these scammers. After an incident of identity theft, you may get a call from a telemarketer offering to help you recover your stolen money or offering a service that will help secure you from future identity theft. These telemarketers are con artists who specifically target victims of identity theft. They will not recover your money; they will simply ask you to pay them for their services and will take additional money from you. Hang up immediately. Don’t become a victim twice! 

  👋 Welcome to Digital Identity! Parental Controls Aren’t Just for Kids Parental controls are generally used to protect children from certain things on the internet, allowing them to browse freely without the risk of coming across harmful content. But they can be used by adults to protect themselves from potential security risks too. Delve into the specifics of parental control settings — such as blocking gambling sites — and make use of their customizability to tailor your browsing experience and take the pressure off. 

  👋 Welcome to Digital Identity! Check those Emails for Generic Greetings Scammers can be sloppy. Bad phishing attempts might say something like, “Dear long-term customer, we’d like to invite you to …” or another wide swing at getting you to click a harmful link. So expect the full customer care treatment. Any business that’s legitimately sending you an offer or useful information will use your first name, at the very least, and probably your last name for more serious communications

   👋 Welcome to Digital Identity! Know Who’s Listening Have you ever said the word ‘seriously’ and heard the familiar ding because Siri thinks you are calling it? Many smart speakers are set to always listen for certain keywords. That makes them highly responsive, but it can also create privacy concerns. If you are not using them, or are having a sensitive conversation, consider unplugging them or powering them off to stay safe. If the application is on your phone or mobile device, turn off the application under its settings.

  👋 Welcome to Digital Identity! Information Leaks Can Happen Accidentally Accidents happen, but they can also be disastrous. Accidents, such as accidentally leaving data in an unsecured place, are a leading cause of information leaks. Always be conscientious about your actions when you are dealing with confidential and sensitive information. If you have accidentally caused a data breach or data loss, contact the Office of Cybersecurity immediately.  If the breach or loss is your personal information, contact the company that houses that information, i.e., your bank, Don’t try to resolve the problem on your own.

  👋 Welcome to Digital Identity! Warnings about Installing Software This week’s tip is a warning about being cautious when installing software. Say you bought TurboTax to use in your tax preparation. During the software installation, there is a screen that states you will be installing other software, such as antivirus, browser extensions, or other applications that have paid the original software company to bundle together. You have to uncheck the boxes NOT to install the additional, unwanted software. Also, most phones allow you to add apps to them manually, without using traditional stores such as Google Play and the Apple App Store. While these apps may seem useful, there’s no reliable way to tell if they’re completely safe. It’s best to avoid side loading apps altogether unless you’re completely sure the app is legitimate. Final word  don’t install anything you are not 100% sure about.

  👋 Welcome to Digital Identity! Be Cautious on What You Are Feeding ChatGPT and Other AI Applications By now, you’ve probably heard about ChatGPT, and other artificial intelligence (AI) applications that talk to you in real, natural language  conversation style. You might have tested it out, asking it to create a story, write a document for you, or just answer a question. However, a new report states that 4% of employees globally input sensitive information into this large language model. So this week’s tip?  be careful about what you type in. KnowBe4 reported some interesting  findings  regarding the use of these AI applications. The concern is that these applications will store this sensitive data and incorporate it into later answers or discussions. An example given was someone who inputted their company’s entire strategic plan into ChatGPT asking it to create a PowerPoint presentation. ChatGPT now has all that information.