Safely Navigating the Digital Minefield | Information Technology | University of Pittsburgh

Safely Navigating the Digital Minefield

Technology has become so ingrained in our lives that we hardly even think about it. But the more ubiquitous our technology use has become, the more prone we are to cyberattacks. Perhaps the hardest thing about avoiding a security breach is understanding what to look for. Hackers have become more sophisticated, and scams are harder to spot. Here are four traps and how to avoid them.

Digital Minefields: 4 Dangers to Look Out For

1. Triggered by Duo

Pitt uses multifactor authentication (Duo) to protect systems containing personal or confidential information. While it can initially seem inconvenient to approve Duo prompt notifications on your smartphone all day long (or once a day, if you use the “Remember me for 24 hours” option), pretty soon it becomes second nature.

And there’s the rub. Many people barely think about when and why they are getting a Duo prompt. A Duo prompt at any time other than when you are actively logging into a system should raise the alarm. It is a sign that someone has gotten hold of your username and password, and Duo is your last line of defense to declare, “It’s not me!” If you didn’t initiate a Duo prompt, deny it by clicking the red X. Then change your password and alert the Technology Help Desk that your account may have been compromised.

2. Forward Attack

Many people like to forward multiple email accounts to a primary account, so they can check all their messages at once. However, forwarding your Pitt emails to an external account (like Gmail) bypasses the Pitt IT security tools that help to identify, quarantine, and remove phishing attacks before most users ever even see them in their inbox.

If you want all of your email to conveniently display in one spot, add external accounts to display in the Outlook desktop app and/or Outlook mobile app. The accounts will remain separate and only your Pitt email account is visible to Pitt IT’s security tools, but you can check them all in one convenient spot.

3. Camouflaged Emails

Scammers have gotten really good at disguising themselves as legitimate Pitt departments or businesses. With email spoofing, they can use an address that appears to be from a legitimate @pitt.edu professor or department account, a recruiter, or a popular business.

If you don’t know the sender personally and/or didn’t expect the email, check with the person/department directly to confirm the validity of the email, especially if you were asked to log in or send personal or financial information. Remember that all jobs and internships at Pitt ask you to apply through the Pitt talent portal or Handshake – not by contacting the hiring manager directly.

4. Beware the Click

Be wary of links and buttons. There are many real emails with links to your account, a service that requires Pitt Passport authentication, or a recent order. So how do you tell a real email from a scam?

Hover over any links in the email to see where they really go. Be sure you know what the real URL of the site is supposed to be. Familiarize yourself with the real Pitt Passport page and its URL (passport.pitt.edu) so you can spot a fake one without logging in.

Better yet, rather than using the link in an email, type a website URL into your browser manually or use an official app to check your account. Go to my.pitt.edu to connect to Pitt online services. You should never need to click a link or button in an email to access information or complete a task. If you can’t confirm the content of an email by logging into your account independently, just back away from the link without clicking!

Securing Your Online World

As we increasingly integrate technology into every facet of our lives, knowing the landmines before we step on them is more important than ever. Stay informed and be vigilant by understanding common phishing techniques and implementing robust security measures, like strong passwords, two-factor authentication, and antivirus software. If you receive a sketchy email that you think is a scam, report it immediately by forwarding it as an attachment to phish@pitt.edu.

If you do click a link you shouldn’t have or approve a Duo push you didn’t initiate, react immediately.

  • Go to accounts.pitt.edu/Password or the compromised account to change your password – if you’re already locked out, your suspicions are confirmed.
  • Contact the 24/7 Pitt IT Help Desk or customer service line to let them know your account may be compromised. The faster you react, the less damage can occur.
  • Monitor your accounts, credit cards, and bank statements to identify fraud immediately. Consider freezing your credit so no new lines can be opened until you’re certain your identity has not been stolen.

Stay alert and stay safe, Panthers!