Information Security Resources

Generative AI

Generative AI is a subset of artificial intelligence that leverages machine learning techniques to generate human-like content. From writing essays to creating art, generative AI has a wide range of applications. Generative AI has the potential to bring significant benefits to teaching, learning, and research. These tools also come with inherent risks.

Generative AI offers exciting possibilities for universities, but it’s important to use these tools responsibly. By following these guidelines, universities can harness the power of generative AI while ensuring ethical use. The goal is not to replace human creativity and effort but to enhance it.

For details and further information, please read: Guidance on the Use of Generative AI at the Universities of Wisconsin

Benefits of Generative AI

Generative AI can be a powerful tool in the university setting. An example of Generative AI is ChatGPT – a chatbot developed by a private company called OpenAI. Users can enter question prompts and within seconds ChatGPT will produce text-based responses in the form of poems, essays, articles, letters, and more. It can also create structured responses like tables, bullet lists, and quizzes. ChatGPT can provide translation and copy language style and structure. It can also be used to develop and debug software code. New and expanded uses continue to be developed and launched. A similar tool called DALL-E uses AI to create art pieces.

Guidelines for Use

While generative AI can be beneficial, it’s important to use it responsibly. Here are the current UWSA guidelines for use. Additional guidance may be forthcoming as circumstances evolve.

Allowable Use

  • Academic integrity: It is up to each instructor to decide if the use of AI is allowed in any course. If the use of AI is allowed in coursework, then you must provide clear expectations on how students should cite use of generative AI in their work. If adding a prohibition on AI tools to assignment instructions, it is best to suggest that the ‘use of generative AI tools’ is prohibited, as opposed to the use of one particular tool, such as ChatGPT. There are many generative AI tools available today.
  • Intellectual property: Creating an account to use tools like ChatGPT requires the sharing of personal information. Depending on context, the use of ChatGPT may also mean sharing student intellectual property or student education records with ChatGPT under their terms and conditions of use. Individual students may have legitimate concerns and therefore may be unwilling to create an account. Discuss these concerns and consider alternatives. If you will require the use of ChatGPT make this explicit in the syllabus.
  • Privacy: Academic records, such as exams and course assignments, are considered student records and are protected by FERPA. For example, ChatGPT should not be used to draft initial feedback on a student’s submitted essay that includes the student’s identifying information.
  • Data classified as low risk, under UW Administrative policy SYS 1031, Information Security: Data Classification and Protection, can be freely used with generative AI tools such as ChatGPT.
  • In all cases, use should be consistent with UW Board of Regents Policy, RPD 25-3: Acceptable Use of Information Technology Resources.

Prohibited Use

At present, any use of public instances of generative AI tools should be with the assumption that no personal, confidential, proprietary, or otherwise sensitive information may be used with it. In general, student records subject to FERPA and any other information classified as Medium or High Risk (per SYS 1031) should not be used in public instances of generative AI tools.

Similarly, public instances of generative AI tools should not be used to generate output that would be considered confidential. Examples include but are not limited to proprietary or unpublished research; legal analysis or advice: recruitment, personnel, or disciplinary decision-making; completion of academic work in a manner not allowed by the instructor; creation of non-public instructional materials; and grading.

Other Considerations

Accuracy: Generative AI tools are not infallible, and their accuracy is subject to a variety of factors, including:

  • Prone to filling in replies with incorrect data if there is not enough information available on a subject.
  • Lack of the ability to understand the context of a particular situation, which can result in inaccurate outputs.
  • Large data sets scraped from the internet are full of biased data that inform the models.

Implicit Biases: Algorithms used by these technologies can, and do, replicate, and produce biased, racist, sexist, etc. outputs, along with incorrect and/or misleading information.

Confidentiality: All content entered into generative AI tools may become part of the tool’s dataset and inadvertently resurface in response to other prompts.

Personal Liability: Generative tools, such as ChatGPT, use a click-through agreement. Click-through agreements, including OpenAI and ChatGPT terms of use, are contracts. Individuals who accept click-through agreements without delegated signature authority may face personal consequences, including responsibility for compliance with terms and conditions.

How to Spot and Report Phishing Emails

Phishing emails have unfortunately become increasingly common in our daily lives. Cybercriminals use these phishing emails to trick individuals into providing sensitive information such as passwords, bank account details, and credit card information. If you fall prey to a phishing email, you risk identity theft, financial loss, and malware infections. Therefore, it’s essential to learn how to spot these emails and protect yourself from such attacks. Understanding these red flags can be the difference between keeping your data safe or falling victim to a phishing scam.

Tips to spot phishing emails

Here are some tips to help you spot phishing emails.

  1. Suspicious sender address. Phishing emails often come from suspicious email addresses that are not related to the supposed sender. Check the sender’s email address carefully to ensure it is legitimate.
  2. Generic greeting. Phishing emails often use generic greetings such as “Dear Customer” or “Dear Sir/Madam.” Legitimate companies usually use your name when addressing you in emails.
  3. Check the context. Check the context of the email to see if it makes sense. If you receive an email from a bank you don’t have an account with, for example, it’s likely a phishing email.
  4. Urgent or threatening language. Phishing emails often include urgent or threatening language to create a sense of urgency. The email may threaten to shut down your account or take legal action if you don’t respond immediately.
  5. Don’t rely on logos and branding. Phishing emails often use logos and branding from legitimate companies to make the email look legitimate. However, these can be easily copied, so don’t rely on them as proof of authenticity.
  6. Poor grammar and spelling. Phishing emails often contain poor grammar and spelling errors. Legitimate companies typically have editors who review their emails before sending them out, so it’s unlikely that they would contain such errors.
  7. Suspicious attachments. Phishing emails often contain attachments that are suspicious. Don’t download any attachments unless you’re sure they are legitimate.
  8. Hover over links. Hover over any links in the email to see the URL. If it looks suspicious or doesn’t match the supposed sender, don’t click on it.

Steps to take if you receive a phishing email

If you receive a phishing email, here are some steps you should take.

Delete the suspicious email.
Delete the suspicious email from your inbox and trash folder. This will help ensure that you don’t accidentally click on any links or attachments in the future.

Don’t click on any links or download any attachments.
Avoid clicking on any links or downloading any attachments in the email. Doing so can infect your computer with malware or lead to identity theft.

Report the email.
Report the email so the Office of Information Security can investigate the email and take appropriate action.

Create a new email.

Address the new email to phishing@uwsa.edu.

Attach (drag and drop) the original email to the new email. This is an important step because if you simply forward the message, critical information is not passed along.

Provide a brief description of the email in the Subject field.

Send email.

Safe Web Browsing

While most online resources are safe, reliable, and secure, you always need to be aware of cyberattackers who create fake social media profiles, look-alike websites, and dangerous file shares. Without proper caution, attackers can steal your passwords, money, or personal info. They could even launch a cyberattack on organizations.

The defenses developers put in place to keep you and your accounts safe and secure are not foolproof. Therefore, your awareness can help you outmaneuver cybercriminals.

Recognize Unsafe Websites

Anyone can host digital content, including cybercriminals. There are not many restrictions and no one organization verifies that a domain is being purchased for legitimate reasons. Nobody checks to make sure websites are safe before being allowed online.

Unsafe website warning signs include:

  • A domain name that is close to that of a known, trusted domain, but not quite right. For example, a misspelling of the name.
  • Web addresses that do not include the domain name you would expect to see.
  • An invalid security certificate.
  • Sites mimicking well-known brands but with misspelled words or blurry images.
  • A lack of functionality you would expect a legitimate site to have.

Web Browser Security Features

Browsers have built-in features that will warn you if something is not right with a website. Here are just two examples of security alerts your browser may display.

  1. A warning that a site is not secure or cannot be authenticated. This is a serious risk if the site is asking you for sensitive data, like passwords or financial info.
  2. An alert that indicates a site is suspicious or deceptive. It may be suspected of being a phishing website or having malicious software. It may also try to trick you into downloading dangerous programs.

If you see one of these warnings or alerts stating that a site is not safe, don’t go there. Stick with known, trusted websites.

Simple Safe-Browsing Tips

  • Always examine domains closely. Even an extra number, letter, or hyphen is a big concern.
  • Do not interact with a website if there is any sign it is not safe or secure.
  • Avoid clicking links in emails, social media posts, and other communications. Instead, type in known, familiar web addresses yourself, directly into your browser. You can also use addresses you have already bookmarked.

Keep Your Browser Up-to-Date

A good, simple way to stay on top of known security issues is by keeping your browser up-to-date. Check your security settings regularly to make sure you are using the latest software version of the browser.

Terminology: Domain and URL Explained

Domain

  • The “core” name of the website (e.g., “google.com” for Google).
  • Takes you only to the website’s main landing page.

URL (Universal Resource Locator)

  • Commonly known as a “web address.”
  • Includes a domain as well as other identifying information.
  • Takes you to specific content within a website.
  • Tells you if a website transmits data securely. Seeing “https” in a URL is a common indicator.

Text Scam Awareness

Scammers use deceptive text messages to trick individuals into divulging personal data, transferring money, or infecting your computers or devices. These deceptive messages can manifest in many ways, such as phishing schemes, lottery swindles, or even extortion efforts. The aim of these bad actors is to lure you into clicking a link or downloading a file that will contaminate your device with malicious software or mislead you into revealing sensitive financial or personal details.

Fake text messages and scams are prevalent and can trick even the most tech-savvy users. By being vigilant and following the tips on this page, you can protect yourself from falling victim to these scams. Remember, never engage with unknown senders, don’t click on suspicious links, and keep your personal information private.

Types of Fake Text Messages

There are several types of fake text messages that scammers use to deceive people. Here are some of the most common ones.

  • Phishing Scams
    Phishing scams are designed to trick you into giving out your personal information, such as your login credentials or credit card information. These messages usually appear to be from legitimate sources, such as banks or online stores.
  • Executive Scams
    Executive scams are designed to trick you into believing that you are corresponding with an executive/leadership member. These messages ask for various things from money transfers or gift card purchases to simply gathering more detailed information about the organization.
  • Tech Support Scams
    Tech support scams involve scammers claiming to be from a legitimate tech support team or company and asking for remote access to your device.
  • Lottery Scams
    Lottery scams are fake messages claiming that you have won a considerable sum of money. These messages often ask you to pay a small fee or provide personal information to claim your prize.
  • Blackmail Scams
    Blackmail scams are messages that threaten to expose embarrassing or sensitive information about you unless you pay a ransom.
  • Malware Scams
    Malware scams are messages that have links or attachments that will infect your device with malware.
  • IRS Scams
    Scammers may pretend to be from the IRS and threaten legal action if you don’t pay a fine.
  • Romance Scams
    Romance scams involve scammers pretending to be interested in a romantic relationship and asking for money or personal information.

How to Protect Yourself from Fake Text Messages and Scams

Protecting yourself from fake text messages and scams requires being vigilant and taking precautions. Here are some tips to help you stay safe.

  • Don’t Click on Suspicious Links
    If a text message has a link, don’t click on it unless you’re sure it’s legitimate. Hover over the link to see the URL and check if it matches the sender.
  • Don’t Respond to Unknown Senders
    If you receive a text message from an unknown sender, don’t respond to them. Engaging with scammers can lead to more scams and phishing attempts.
  • Use Anti-Malware Software
    Using anti-malware software can help protect your device from malware and viruses that scammers use to infect your device.
  • Be Wary of Unsolicited Offers
    If you receive a text message offering you something that seems too good to be true, it probably is. Be wary of unsolicited offers and don’t give out your personal information.
  • Keep Your Personal Information Private
    Don’t give out your personal information unless it’s necessary. Scammers can use your personal information to commit identity theft or other fraudulent activities.

Tools and Resources to Help Identify Fake Text Messages

There are several tools and resources you can use to help identify fake text messages.

Spam Reporting Apps
Spam reporting apps can help you report spam and scam messages to the FTC and other authorities.

Reverse Phone Lookup
Reverse phone lookup services can help you identify the owner of a phone number.

Caller ID Apps
Caller ID apps can help you identify unknown callers and block spam calls and texts.