FAQ

Contents:

  1. What do I do if I get a suspicious email?
  2. Who do I contact if I think my login credentials were compromised? How can I report a fraudulent email or other information security issues?
  3. How can I tell if an email is fraudulent?
  4. How can I tell if a link within a message is fraudulent?
  5. What is ransomware?
  6. How can I send sensitive electronic information securely?
  7. How did phishers get my email?
  8. What are the ways my password can be stolen?
  9. What is the easiest way for a cyber-attacker to hack into an organization like ours?
  10. What should you do if you receive a phone call you believe is a social engineering attack?
  11. What is the best way to discard sensitive information?
  12. What is the best way to discard electronic records?
  13. What are my options for storing documents with sensitive information?

-----

  1. What do I do if I get a suspicious email?
    • Delete the message.
    • Don't click on the links or open attachments. Instead, check the company's website by typing the URL in your browser or call the company directly (or the person if it’s from an individual).
    • Don't fill out any emailed forms that ask for personal or financial information.
    • Don’t log into websites via a link you received in email.
    • Important: If you receive a suspicious email at work, report it to the IT Service Desk: servicedesk@ucop.edu
  2. Who do I contact if I think my login credentials were compromised?
    How can I report a fraudulent email or other information security issues?
    Use the “Report an Incident” form or email servicedesk@ucop.edu
  3. How can I tell if an email is fraudulent?
    No reputable organization, including UCOP, will ask for any of the following information via e-mail:
    • Your account credentials and password.
    • Personal information such as age, social security number, or home address.
    Check out the "Phishing" section of this handout for additional warning signs.
  4. How can I tell if a link within a message is fraudulent?
    Commonly, phishers put a link in their messages that looks valid but actually goes to a fake or copycat site. By hovering your mouse over the link in the email (but not actually clicking on the link), you may be able to see where it actually directs you. This can be faked, though. The best way to proceed is to go to web pages via a path you know is legitimate instead of clicking on links in messages.
  5. What is ransomware?
    Ransomware is a type of malicious software (a.k.a. malware) that locks the victim out of their computer or files – often by encrypting them – until a ransom is paid. For additional information and ways to protect yourself, see this article.
  6. How can I send sensitive electronic information securely?
    There are several options:
    • Important note: If you need to send Personally Identifying Information (PII) or Personal Health Information (PHI), contact the IT Service Desk for approved options.
    • Files can be shared via Box and SharePoint.
    • Files can be sent via UCOP's SAFE tool. Note: SAFE is approved for PII and PHI.
    • Sensitive email can sometimes be sent securely via Outlook's secure message feature. Contact the IT Service Desk to find out whether you are able to send email securely using Outlook's "Secure:" subject line feature.
  7. How did phishers get my email?
    Email addresses are easy to find. Your email address may have been obtained from an online directory, compromised computer, social media site, publication, etc.
  8. What are the ways my password can be stolen?
    There are many techniques that can be used to acquire someone's password without their permission. Some common techniques include:
    • Tricking someone into revealing their passwords, known as social engineering. A common method is to call someone and pretend to be from the IT department. Sometimes malicious emails and websites are used to trick users into divulging their passwords, a technique known as "phishing".
    • Stealing usernames and passwords from insecure systems, such as a poorly secured website, and using those passwords to gain access to more sensitive systems.
    • Automated or manual guessing using dictionaries and password lists, known as a "brute-force attack".
    • Guessing a password based on your personal information, such as a birth date, child’s name, pet's name, etc.
    • Malicious software or hardware devices known as "keyloggers" that capture the input from the keyboard.
    • Intercepting network traffic, also called "sniffing". Passwords sent in plain-text (no SSL/https or other encryption) can be discovered in this way. Public Wi-Fi is a notorious source of "sniffed" passwords and information.
    • Simply observing someone while they type their password, known as "shoulder surfing". This is especially a risk in libraries, coffee shops, computer labs and other public areas.
  9. What is the easiest way for a cyber-attacker to hack into an organization like ours?
    By targeting our organization's people through social engineering techniques.
  10. What should you do if you receive a phone call you believe is a social engineering attack?
    Try to get the caller’s name and contact information, then hang up the phone and report the incident.
  11. What is the best way to discard sensitive information?
    UCOP Mail Services offers document shredding services for UCOP departments. Reasonable quantities of materials are shredded free of charge. Please contact Mail Services when you notice the bin is completely full.

    The Franklin building shredder bin locations are as follows:
    • 5th floor: 1 in Audits and 1 near Men’s Restroom
    • 6th floor: 1 near freight elevator in Mail Room
    • 7th floor: 1 in cubicle #7324A
    • 8th floor: 1 in OGC print/mail room
    • 9th floor: 1 near Women’s Restroom
    • 10th floor: 1 near Women’s Restroom
    • 11th floor: 1 outside room #11117
    • 12th floor: 1 near freight elevator

    For other UCOP building locations, please contact your department supervisor for the shredder location.
  12. What is the best way to discard electronic records?
    Verify that the retention period for the records has lapsed (http://recordsretention.ucop.edu/) and there are no records holds on the records, then delete the file from its folder location and empty the computer’s “Recycle Bin”.
  13. What are my options for storing documents with sensitive information?
    The ITS department offers both Box and SharePoint for online storage. If you need to store Personally Identifying Information (PII) or Personal Health Information (PHI), contact the IT Service Desk for approved options.