New Students

Information Security

Information Security's mission is to promote information security awareness across campus. Their email address is infosec@uttyler.edu.

Phishing Emails

When a student account is compromised, the account is frequently used to attack other students and employees. Different types of attacks may include financial (job offer/gift card scams), malware (malicious attachmetnts), and phishing (account termination emails). Some malicious emails are designed to phish your credentials, whereas others are designed to steal your money.

Forwarding incoming emails from a compromised account to an account controlled by the attacker is a common practice. UT Tyler prohibits Patriots email accounts from being forwarded to a personal account in order to protect the student's private communications and personal information.

Phishing Email Example

Read the following email and see if you notice anything suspicious.

Subject: ACT NOW
Email: xxxxx@patriots.uttyler.edu
Body: An administrative assistant to perform various administrative tasks like making or receiving payment, keeping record and processing paperwork when necessary with a good weekly pay is needed, Please find the position and some basic information below.

Position: Personal Assistant/Book keeper
Type: Part-Time Job
Pay- $400 weekly
Hours: Average of 10 hrs weekly.

This position will be home-based and flexible part time job, YOu can be working from home, School or any location bit.ly/2N2uiot or Click here for further details or to sign up.

Thank you!

Can you identify the clues of this phishing email?

ACT NOW - Sense of Urgency
xxxxx@patriots.uttyler.edu - Sent from a patriots email address
Pay-$400 weekly - Sounds too good to be true
Hours: Average of 10hrs weekly - Sounds too good to be true.
bit.ly/2N2uiot - Beware of links in emails you were not expecting.

Tips to avoid phishing scams

To avoid phishing scams, do not click on suspicuios links contained in emails you are not expecting, do not accept a job that requires depositing checks into your account or wiring a portion to other individuals or accounts, and never purchase requested gift cards for someone who solicits them via email.

Look for poor use of the English language in e-mails, such as incorrect grammar, capitalization, and tenses. Email addresses can be spoofed: just because it looks like it came from a trusted source or fellow student doesn't necessarily mean that it did. Beware of emails threatening negative consequences if unreasonable timeframes are not met.

How to Report a Phish

When you have the email open click on the three dots in the upper right corner of the email.
Scroll down to "Select Security Options".
Select "Mark as Phishing".
When prompted to confirm select "Report".

MFA (Multi-Factor)

Multifactor Authentication (MFA) is an identity and access method that requires two or more forms of identification to access resources and data at UT Tyler. Normally, you identify your identity with a single factor, such as a passowrd, which is something you know. Verifying your identity using multiple factors, like a smartphone or hardware token, which is something you have, prevents others from signing in as you even if they know your password.

Never approve MFA notifications you didn't initiate yourself. They may be fraudulent, unauthorized attempts to sign is as you. Only approve MFA requests you initiate yourself, knowingly and intentionally.

If you receive multiple notifications you didn't initiate, contact infosec@uttyler.edu.

Best Practices

Avoid reusing passwords when you create new accounts, and never disclose your password to anyone for any reason. Always lock your computer and mobile devices when not in use, and log off web sessions (student email) when you are not using them. Emails that contain sensitive information, liek Social Security Numbers, bank information, or health information, should be encrypted. UT Tyler faculty and staff may send an encrypted email to a recipient requesting that they reply and attach documents; the documents sent in the reply will be encrypted. When accessing your account using a VPN, Information Security may follow up with you to verify that your account has not been compromised.

If you have questions about the security of your UT Tyler account, please contact infosec@uttyler.edu.

View PDF Version