Hello,
Recently, the risk of attacks via RANSOMWARE (blackmail programs) has increased. Another common form of attack is phishing, carried out by sending email messages.
For this reason, please find below awareness information to encourage caution with digital communication, email and electronic messages.
RANSOMWARE
Data hacking programs or scripts known as RANSOMWARE completely block the working environment of the attacked person's computer by encrypting its data, and superimpose on the screen a dialog window with instructions for payment (usually through non-traceable payment methods such as cryptocurrency, e.g. Bitcoin) so that the data can be decrypted.
99% of data is unrecoverable.
Despite efforts to protect the computer network, workstations, institutional e-mail and information exchange, this is one of the most difficult situations for IT personnel to help resolve.
Therefore, we ask for your increased attention and vigilance when working with data processed on your computer or personal devices.
PAY CLOSE ATTENTION BEFORE YOU CLICK!!!
The most common way of spreading RANSOMWARE is phishing via e-mail. That is why we ask you to be more careful with your personal email accounts such as Yahoo, Gmail, Hotmail, etc., but especially with the official email accounts that the institutions make available to you.
You may receive email correspondence with seemingly harmless documents attached. Please observe the following:
- Do not click on links in email content or open attachments from senders you do not know. In particular, pay attention to cases where attachments are compressed, such as rar or zip.
- Do not send sensitive information such as usernames or passwords via email. Never fill in your bank details or general information.
- Beware of senders whose domain names (the part after the @) look suspicious at first glance.
- Be especially careful when opening attachments or clicking links inside email messages flagged by Outlook as spam.
At the same time, we invite you to be careful with the use of USB flash drives, as this is also one of the ways of spreading harmful programs, including RANSOMWARE. We invite you to minimize the use of USB flash drives.
If something seems wrong while working on the institution's computers, please notify us immediately and do not take any further action!
PHISHING
How to recognize phishing!
Phishing is the most common and widely used method among fraudsters. It takes the form of emails or text messages that attempt to steal passwords, account numbers or sensitive data. If they get that information, they may have access to your email, personal data, social media, bank or other accounts. They may also sell your information or distribute it to other scammers.
Fraudsters launch thousands of phishing attacks every day – and they're often successful.
Phishing emails and text messages often tell a story to trick you into clicking on a link (one that sends you to a hacker website) or opening an attached document in a format such as zip, rar, etc.
You may receive an unexpected email or text message that appears to be from a company you know or trust, such as a bank or credit card or utility company. Or maybe it's from a website or online payment app.
The message may be from a scammer, who may say they've noticed some suspicious activity or login attempts, or that there's a problem with your account or payment information. Because of this supposed problem, you may be asked to confirm some personal or financial information. The message may be accompanied by a form to fill out, or include a fake invoice with a link (web address) you must click to make a payment, but this link contains a virus.
It might say that you are eligible to sign up for a government refund (it's a scam), or offer a voucher for free stuff (not true).
Imagine that you have an email in your inbox. At first glance this email looks real, but it really isn't. Scammers who send emails like this hope you won't notice it's a fake email.
How to tell if this email is a scam, even though it looks like it's from a company you know — and even uses the company's logo in the header:
- The email has a general greeting.
- The email says your account is on hold due to a billing problem.
- The email invites you to click on a link to update your payment details.
- The email says that your account is compromised and you need to verify the data by clicking on a link.
Note that although real companies may communicate with you by email, legitimate companies will not send emails or text messages with a link (one that directs you to an unknown webpage) to update your payment information or to fill in sensitive information.
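The warning signs listed above (compressed attachments, a generic greeting, account or billing pressure, links that do not match the sender's domain) can also be checked automatically on a reported message. The following is an added example, not part of the original notice; the regular expressions, the function name `triage` and the sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Illustrative heuristics (assumptions), modelled on the checklist in this notice.
COMPRESSED = (".zip", ".rar")
GENERIC_GREETING = re.compile(r"^\s*(dear|hello|hi)\s+(customer|user|client|member)\b", re.I | re.M)
PRESSURE = re.compile(r"account (is )?(on hold|compromised)|update your payment|verify your (data|account)", re.I)

def triage(raw):
    """Return the list of warning signs found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    findings, body = [], ""
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(COMPRESSED):
            findings.append(f"compressed attachment: {name}")
        elif part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            body += payload.decode(part.get_content_charset() or "utf-8", "replace")
    if GENERIC_GREETING.search(body):
        findings.append("generic greeting")
    if PRESSURE.search(body):
        findings.append("account or billing pressure")
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = (urlparse(url).hostname or "").lower()
        # A link is expected to point at the sender's domain or a subdomain of it.
        if host != sender_domain and not host.endswith("." + sender_domain):
            findings.append(f"link host {host} does not match sender domain {sender_domain}")
    return findings

# Constructed sample message (not a real email).
SAMPLE = """\
From: Billing <billing@example-bank.test>
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Dear customer,
Your account is on hold due to a billing problem.
Update your payment details at http://pay.example-login.test/update
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="Invoice.zip"

UEsDBA==
--b1--
"""
```

An empty result does not mean a message is safe; the heuristics only surface the signs named in this notice so that a reported message can be prioritised.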
Phishing emails can often have real consequences for people who give scammers their information, including identity theft. And they can damage the reputation of the companies they are cheating.
How to protect yourself from phishing attacks.
Your spam filters can keep a lot of phishing emails out of your inbox. But fraudsters are always trying to get past spam filters, so additional layers of protection can help. Here are four ways to protect yourself from phishing attacks.
Four ways to protect yourself from phishing.
- Protect your computer by using security software (antivirus). Set the software to automatically update itself to deal with any new security threats. Keep the operating system you use (Windows) on your computer or laptop updated.
- Protect your mobile phone by setting the update option to update automatically. These updates can give you critical protection against security threats.
- Protect your accounts using multi-factor authentication. Use a strong password that contains a minimum of 8 characters, including capital letters, lowercase letters, numbers and special characters. For example, Security2023!
Some accounts offer additional security by requiring two or more credentials to sign in to your account. This is called multi-factor authentication.
The additional credentials you need to sign in to your account fall into three categories: your personal information, such as a passcode, a PIN or the answer to a security question; a one-time verification passcode you receive by text, email or from a mobile phone authenticator application; or a security key such as your fingerprint, retina or face scan.
Multi-factor authentication makes it harder for fraudsters to access your accounts if they get your username and password.
- Protect your data by backing it up. Back up the data on your computer to an external hard drive or to the cloud (in the case of the University of Tirana, Microsoft OneDrive). Back up the data on your phone, too.
What to do if you suspect a phishing attack
If you receive an email or text message asking you to click on a link or open an attachment, proceed as follows:
- Ignore the received message and, in the email options, select report phishing.
- If this email has come to an official address, notify the IT staff so that the email can be blocked and reported to the ISPs. Select the report phish option and, if the message remains in your mailbox, delete it.
- Never follow its instructions without consulting IT personnel.
- Do not fill in your data or click on email links, and never download zip, rar or pdf attachments unknown to you, as they may install viruses.
What to do if you respond to a phishing email
- Notify an IT expert or IT structures immediately.
- Scan your computer using the antivirus you have installed.
- If you think a fraudster has your information, such as your credit card or bank account details, go to IdentityTheft.gov. There you will find the specific steps to take based on the information you lost.
- If you think you've clicked on a link or opened an attachment that has a virus and could harm your computer equipment, run a scan and remove/delete anything that isn't a program you need for your work.