Best Practices for the 2021 Holiday Season

Posted in UIS News & Announcements

UIS is staying on heightened alert to continue to guard against cyber attacks and attempts to defraud our community. Based on 2021 law enforcement crime reports, we know that malicious cyber actors often launch serious and impactful attacks during the holidays and over weekends. While UIS is leading the University’s approach to  monitoring and protecting against phishing attacks, malware on our systems, and unauthorized access to our most important data, all Georgetown community members are encouraged to be just as vigilant when it comes to personal cyber threat awareness.

Even tiny cybersecurity mistakes can cause significant damage, both to the University and personally to our community members. Please be vigilant, diligent, and alert this holiday season.

Practice good cybersecurity hygiene.

  • Don’t click any suspicious links or attachments in emails, on websites, or on social media. Phishing scams and similar crimes entice you to click on links and give up personal information like your name, password, and bank account number. In some cases, by clicking on these links or attachments, you may unknowingly download malware to your device.
  • Be especially wary if a company asks you to update your password or account information. Look up the company’s phone number on your own and call the company to verify this is needed.
  • Use multi-factor authentication wherever it is offered (Banking and investment accounts, email accounts, and other important online accounts)
  • Your home WiFi network should have a secure password (and it should not be the same one that came with the modem/router). Configure the security setting for WPA2 or WPA3 – Never WEP.
  • Do not use your Georgetown email address and credentials for personal accounts or sites. Shared identities across platforms are like breadcrumbs that lead cyber thieves straight to your door.
  • Keep both your Georgetown and personal technology devices current with security patches and updates.
  • Report phishing in your Georgetown email account to the Cyber Incident Response Team (CIRT) using the Phishing Reporter button

Know who you’re buying from or selling to.

  • Exercise good judgement when shopping online. Not just for Black Friday and Cyber Monday — always.
  • Check each website’s URL to make sure it’s legitimate and secure. A site you’re buying from should have “https:/” at the start of the web address. If it does not, do not enter your information on that site. Shop from sites that you know and trust.
  • If you are purchasing from a company for the first time, do your research and check verifiable reviews.
  • Verify the legitimacy of a buyer or seller before moving forward with a purchase. If you are using an online marketplace or auction website, check their feedback rating. Be wary of buyers and sellers with mostly unfavorable feedback ratings or no ratings at all.

Be careful how you pay.

  • Never wire money directly to anyone you do not know. Those funds cannot be recovered if they are misdirected or sent to an imposter.
  • Avoid paying for items with pre-paid gift cards. In these scams, a seller will ask you to send them a gift card number and PIN. Instead of using that gift card for your payment, the scammer will steal the funds, and you will never receive your item.
  • Use a credit card (not a debit card) when shopping online and check your bank statement regularly. If you see a suspicious transaction, contact your credit card company to dispute the charge.
  • Make use of your bank’s email and text alert service so you can be notified for certain account activities.
  • Consider using a virtual credit card number when shopping online. If your card issuer doesn’t offer that option, look into companies that do.

Monitor the shipping process.

  • Always get tracking numbers for items you buy online, so you can make sure they have been shipped and can follow the delivery process.
  • Be suspect of any credit card purchases where the address of the cardholder does not match the shipping address when you are selling. Always receive the cardholder’s authorization before shipping any products.
  • Collect deliveries from your front door or driveway as soon as possible. Many shipment boxes are recognizable from afar, so a thief that is cruising your neighborhood may not steal your packages, s/he may be doing reconnaissance on where you have accounts. The next email or call you get from “Chewy.com” asking you to confirm your credit card details may not be who you think it is.