Online attackers are actively targeting UC staff: Here’s what you need to know to protect yourself
In recent weeks, online attackers have increasingly targeted UC staff with attempts to steal from them by changing their direct deposit information in UCPath. Dozens of UC employees have fallen victim to these attacks, which use very sophisticated tactics, including stealing usernames and passwords via credible-looking phony websites and spoofing help desks via phone calls and text messages.
The UC community needs to be vigilant and work together to defend against these types of threat actors. If you haven’t already done so, sign up for free identity monitoring through Experian today.
How UC is working to protect you
- Manual verification of direct deposit changes. UC manually verifies all direct deposit changes. This critical safeguard has helped prevent the loss of hundreds of thousands of dollars in employee pay due to fraud.
- Investigation of phishing and fraud reports. UC investigates every report of phishing or fraudulent activity involving UC credentials. If you suspect unauthorized access to your UC account, contact your local cybersecurity team immediately.
- Takedown of fraudulent websites. UC actively monitors for fake websites targeting UC employees and works with domain registrars and search engines to request takedowns. To date, 15 fraudulent sites have been removed or are pending removal through these efforts.
- Ongoing improvements to multi-factor authentication (MFA). UC continues to strengthen its use of multi-factor authentication (Duo) to enhance account protection and reduce the risk of unauthorized access.
Deceptive ways cybercriminals access accounts
Employees are reminded to be aware and suspicious of the following tactics often used to gain unauthorized access to their personal information:
- Malicious search ads leading to fake login pages. Cybercriminals are placing deceptive ads, sometimes referred to as “malvertisements,” in search engine results (e.g., Google, Bing) for terms like “UCPath.” These ads link to fraudulent websites designed to mimic legitimate login portals to steal employees’ usernames and passwords. Since early May, new malicious sites have been appearing regularly, even as UC cybersecurity works to take down existing ones.
- Requests for credentials (username and password). Never provide your UC username / ID or password to anyone. Never share your Duo verification codes or approve Duo push notifications that you did not initiate. These codes and approvals are only for your use when logging into UC applications. If you receive a Duo request you didn’t initiate — whether by phone, text, or app notification — do not approve it. Approving it gives attackers full access to your account.
- Requests for answers to security questions. Never provide answers to security questions to unauthorized applications or persons. Providing these answers allows access to sensitive pages within UCPath that can result in stolen paychecks.
How you can protect your accounts
Your login is valuable — to you and to attackers. Hackers aim to exploit valid user logins to enter systems such as email and UCPath, from which they can access direct deposit information, UC data and other sensitive information. Strong security practices help keep these systems protected. Here’s what to do:
- Pause before you click or enter your credentials. Attackers gain unauthorized access when they are able to distract our focus. Be cautious with links, login prompts, and messages asking for login information. Only enter your username and password on trusted UC login pages — and never approve a Duo push you didn’t initiate, no matter how many times you are prompted.
- Verify the source before you enter credentials. Before entering your username and password, be certain that you are on a login page provided by your UC location. Check email senders, website URLs, and login pages closely. Look for misspellings, inconsistencies, or anything unusual. When in doubt, don’t proceed — report it instead. Attackers may try to mimic legitimate login interfaces — check closely and don’t proceed if the appearance or behavior of the login page is unexpected.
- Bookmark frequently visited UC websites. Bookmark websites that you visit often, such as UCPath, to avoid landing on fake pages from malicious ads or search results. Avoid clicking links from unknown sources or third parties.
Cyberattacks continue to increase in frequency and complexity, and UC cybersecurity teams work around the clock to mitigate risk and protect UC data. We all have a role to play in protecting the UC; err on the side of caution and, if you have the slightest suspicion that something may be potentially threatening, report it right away.
For additional questions or concerns regarding the security of your UC accounts, contact the cybersecurity team at your location.
Get more tips on protecting your data from the National Cybersecurity Alliance.