Increased Fraud Activity
Dear UTRGV Community,
Although this email is lengthy, it's helpful for us all to occasionally be reminded about scammers and their tactics to deceive us.
From November through tax season, scammers increase their activity. With the use of artificial intelligence (AI), phishing and other fraudulent emails are becoming harder to spot. This is why we all must get better at identifying fake emails. While the university is constantly improving our phishing and fraudulent email detection tools, nothing beats good old-fashioned human common sense. You are a critical link in preventing the spread of phishing attacks.
UTRGV emails are equipped with multi-factor authentication (MFA) to help prevent compromised account takeovers. The FBI estimates that 80% to 85% of all common phishing-based compromised credential attacks are stopped by MFA. However, MFA is useless if people do not "Stop and Think Before You Click" and accept an MFA prompt due to an attempted account take over. MFA fatigue is real; users get tired of the prompts and click 'yes' without thinking, allowing scammers to gain access to their system and take control.
To combat MFA fatigue, consider what you are doing before clicking yes. If you did not just log into a system that requires MFA from the device you are using at that moment, it is most likely a fraud. You will know right away if you were sent a legitimate request, as you will not be able to access the system you are trying to use at that moment. Remember, MFA is a prompt that happens as you are trying to log into an MFA protected system. There is no such thing as a delayed MFA request or a routine MFA request to keep you logged in.
Keep in mind:
- If an email sounds too good to be true, it most likely is.
- Anyone asking for your user ID and password is a scammer.
- Anyone offering a check to deposit and then asking you to send money back is a fraudster.
- Anyone offering an unbelievable part-time job that pays a high amount is most likely a scammer.
Scams and their messages are getting better. AI can be used for good or bad, and it is up to you to determine if an email is reasonable.
Remember, UTRGV will never:
- Ask you to enter your username and password in an email or text message. If asked, it is 100% a scam.
- Ask for your user ID and password over the phone. You might be asked for your username, but never your password. If this happens, report it to the Information Security Office or email abuse@utrgv.edu.
- Send you an unsolicited offer for a great part-time job via email or text. Report the email, and if you want to verify it, contact HR, Student Employment, or the Information Security Office. Never click on the link.
The government, especially the IRS, does not call, email, or text you to pay a fine. Verify the communication by looking up the agency's phone number online and calling to check its legitimacy. You can also request a letter in writing.
As a general rule, stop and think before clicking a link or giving away personal or confidential information, including your user ID and password. Scammers create a sense of urgency or make you think you will miss out on an opportunity or get in trouble. Don't fall for it. Verify the contact information yourself and call to check it out first.
While it's impossible to cover every scam, remember when in doubt, do not click. You are the most important person in protecting yourself and others online.
Mistakes happen, but scammers are only successful if you fall for the scam. If you do, immediately change your passwords to all important accounts, especially your UTRGV account, and report the issue to abuse@utrgv.edu.
Thank you and if you have any questions, please feel free to contact the Information Security Office. Our phone number and additional contact information can be found on our website (remember to verify for yourself the contact information). You can go to any web browser and type in UTRGV Information Security Office, and it will pop up with a link to our office. This is just an example of how you can verify the contact information before clicking a link.