Cyber Security: It Starts With You

Cathy Ullman is Information Security Analyst for UB, and sadly knows from experience how easily someone can become a target. It all started when the company that held her cell phone contract changed hands.

“The previous cell phone company owner was a trusted family friend,” Cathy told us. “But once the company was sold, it turned out my information was no longer safe.” After receiving a mysterious $9.00 charge from a different cell phone company, Cathy eventually discovered she was the victim of a crime ring out of Buffalo that stole personal information and opened fraudulent accounts.

By the time the problem was resolved, the criminals had racked up $10,000 in charges…all in Cathy’s name. “If I hadn’t noticed that $9.00 charge when I did,” Cathy said, with a tentative pause, “Well, who knows?”

Cathy’s story highlights the need to be vigilant, both with your personal information and in watching for the sometimes negligible signs that your account has been compromised.

During the spring semester of 2014, nearly 600 UBITName student accounts were compromised by malicious attacks. University students are at a heightened risk of becoming targets of being phished or hacked, because of the valuable personal information in their student accounts.

​Michael Behun is UB's Computer Discipline Officer, and he's seen the effects of hijacked student accounts here at UB. That's why he stresses keeping tabs on your accounts. ​“Check your email,” Mike told me. “Sometimes phishers will use your email to send spam to people on your contact list. If that’s happening, you’ll see it in your ‘Sent’ folder.”

UB also monitors and suspends any accounts that appear compromised. If you find that you suddenly can’t log in with your UBITName and password, the university may have changed your password to prevent fraudulent activity. In either case, you’ll need a new password.

When it comes to passwords, the conventional wisdom still holds: complicated passwords are more secure. Mixing letters with numbers and special characters (when possible) is always a good idea. The US Department of Homeland Security offers other helpful suggestions for picking a smart (and safe) password.

Avoid using any information in your password that you might share on social media, like the name of a pet or your significant other.

Cathy also suggests being as conservative as you can with what you post to social networks, because even the most seemingly innocuous things can lead to trouble.

 “Have you ever seen one of those ‘What kind of _____ are you?’ quizzes?” she said. “Or how about those ‘name generators’ where you can find out your ‘biker name’ or whatever? Well, it’s not a coincidence that the questions they ask you, like ‘what street did you grow up on?’ and ‘what’s your mother’s maiden name?’ are the same questions a website might ask you when you’re trying to retrieve your password.”

Because phishing is becoming more sophisticated all the time, it’s crucial to be able to spot the difference between a legitimate email and a well-constructed fake. Remember that UB will never ask you for your password. And if you have any doubts about an email, you can always check UBIT’s information security alerts for known threats.

Even if you’re pretty sure an email or phone call is legitimate, Cathy told me, it never hurts to be careful.

 “When you’re directed in an email to log into any of your accounts, UB or otherwise, always type in the URL of that service yourself,” Cathy suggests. “The same goes for suspicious phone calls; if you’re not sure about a call, you can always hang up and call the company back directly. That way, you know who you’re talking to.”

But beyond UB’s services and networks, each individual must be responsible for how he or she keeps personal information safe online. In a rapidly-changing digital landscape, the only truly effective weapons against the latest tricks in the phisher’s arsenal are to educate yourself, and be deliberate with what you share…and what you don’t.