Cybersecurity isn't something to think about just once a year — it needs to be top of mind year-round.

Still, with October marking National Cybersecurity Awareness Month, it's the perfect time to spotlight the importance of staying vigilant in an ever-evolving digital landscape. Whether you're a student, faculty or staff, understanding how to protect your data and devices is essential to keeping our campus community safe.

"Phishing" is a cybersecurity term that's becoming increasingly familiar, but it's important to understand what it really means. It involves a bad actor — someone with malicious intent — posing as a trusted source, usually via email, to trick you into providing personal information such as usernames and passwords or credit card numbers.

This email message may contain language that suggests a sense of urgency — urging you to "act now," for example — and may contain links that appear legitimate but should not be clicked. This link may lead to a fake login page designed to steal your credentials or other information.

If you receive an email to your UARK account that appears to be a phishing attempt, alert IT Services by clicking the three-dot icon on the righthand side of the email. Hover over "Report," then click "Report phishing."

In the same vein as phishing, "smishing" and "vishing" are related terms that are new, but it's important to understand the risks they represent.

Smishing is a term used to describe phishing attempts done over SMS text message instead of email.

Vishing refers to attempts conducted verbally over the phone. You may get a phone call and think you're talking to a real person — they sound real, at least — but it can be a fake voice on the line, attempting to extract personal information from you over the phone. Vishing attempts can also be made by voicemail.

The best way to combat smishing and vishing attempts, when suspected, is to simply ignore the text message or hang up on the caller. Take steps to report the numbers if you feel the need.

Beyond phishing, smishing and vishing, another growing threat is social engineering, especially as artificial intelligence tools become more sophisticated. Social engineering involves a bad actor using AI to gather a large amount of data about you, building a profile and using that profile to try to build your confidence and trust.

This could involve someone reaching out with a fabricated scenario to obtain information or baiting you with something enticing in exchange for the information.

Stay aware of these risks to protect yourself not just this month but year-round. Learn more by attending one of the cybersecurity events still taking place this month at the U of A.

National Cybersecurity Awareness Month started in 2004, with 2025 being its 22nd year. Cybersecurity is a fundamental part of the U of A's commitment to protecting the academic and personal integrity of its students, faculty and staff.