Dear UT Health San Antonio community:
Your information security and data protection safety are paramount at UT Health San Antonio, and it is important that we stay vigilant to ensure that our systems remain protected. Recommendations to protect your information are noted below to help each of us secure access to our devices and systems, inclusive of your own direct deposit options.
There has been a recent uptick in text, QR code and phishing campaigns that resulted in the redirection and misappropriation of direct deposit funds. Below is an example related to direct deposit where the bad actors were successful in breaching security:
- Users were successfully targeted through an active/open secure session from prior activity within PeopleSoft or accepted a nefarious 2-factor authentication (2FA) prompt.
- Once the bad actor gained control of the account, payroll direct deposit routing/account information was changed unbeknownst to the user. Two-factor authentication is required for any off-campus PeopleSoft-related actions for this reason.
Earlier this year, the offices of finance, human resources and information technology worked together to employ additional controls to help guard against attacks. The good news is these safeguards appear to be working. That said, we are all allies in safeguarding against these types of attacks, so please consider implementing the following:
- Be sure to log out of secure sessions. When you log into a secure session, whether on or off campus, be sure to log out of the session once completed. This is especially critical with mobile devices as most successful breaches use this method.
- Passwords. Maintain strong passwords/pass phrases, never disclose them and avoid using the same for multiple accounts (Ex: Do not use the same password for UT Health San Antonio, online banking and social media accounts).
- Beware of “2-factor authentication fatigue” with all online accounts. Your accounts for banking, insurance, Amazon, Apple and other online retailers are all potential targets. If you didn’t initiate an action with a particular account, it’s often an attempt to falsely authenticate. These often show up as emails that look authentic. Hover over the email address and/or go directly to the secure website to take an action instead of clicking on links in the email.
- Unsolicited requests for personal information are a clear danger sign. Consider all email requests for your password, username, bank account/routing number or other personal information highly suspicious.
- Be wary of any email offering service upgrades, a storage increase or requesting you to validate user information. This is especially important if you check email on a smartphone or tablet as the formatting on mobile devices often makes it more difficult to visually determine the legitimacy of the message.
- Key indicators of phishing messages include a mismatched sender name, email address or other contact information. The message will urge you to click a link or reply within a short timeframe before terminating or deleting your account or data and often includes poor grammar or misspellings. Even letter characters may look different, such as “a” may be reflected two different ways in the email address.
- If in doubt…don’t. Be extremely cautious of suspicious-looking emails, attachments and links. If you’re just not sure whether it’s safe to click or open…don’t.
Please contact Information Security at infosec@uthscsa.edu and 210-567-0707 with any questions about how to further protect yourself from cybercriminals and immediately report suspicious activity or messages.
We will continue to monitor activity and provide updates as we see upticks.
Thanks for your attention to this very urgent matter,
Yeman Collier
Vice President and Chief Information Officer
Office: 210-567-7052
Email: colliery@uthscsa.edu