Last summer’s widespread hacking of several major universities may be behind us, but the effects of knowing that prying eyes were able to infiltrate a secured network is unsettling. Unfortunately, those concerns have only been renewed for one university in the wake of a brand-new, seemingly unrelated data breach.

Investigators have linked last summer’s breach of a handful of University of Virginia faculty email accounts to Chinese hackers, but the latest data breach is far more alarming. Thanks to a phishing email that instructed the recipients to enter their university user names and passwords, more than 1,400 personnel payroll records have been accessed from UVA’s human resource department. While the details of the stolen information aren’t yet clear, payroll records typically include Social Security numbers and birthdates; since the university is providing a year of credit monitoring to the affected victims, it’s very likely that this level of information was compromised.

The days of students hacking into school computers to change their grades may seem long gone. At the same time, 1,400 payroll records are chump change compared to the extent of some notorious data breaches in the past. So what would make hackers go after college faculty members? Apart from the obvious potential for identity theft, there is always the possibility that the information gleaned on a university professor can lead to access to highly sensitive research, as well as the option to pose as that professor in communicating with other researchers to steal information.

Unfortunately, phishing email scams continue to be successful because of the very connected nature of our lives. Even five years ago, receiving an email with instructions to do something unheard of might not have worked, but with so much of our lives going digital, it’s all too easy to fall for a scammer’s tactics.

In order to avoid falling for a scam email, there are a few easy rules to follow. If you refuse to break these rules without verifying it first, you’ll be less likely to expose your entire network to a hacker:

  1. Even if the email looks legitimate, never click on a link or attachment if you weren’t expecting it. The account might appear to come from your family member, your co-worker, or even your employer, but as the UVA personnel hacking shows, a cyberthief can take over an email account and send a virus to everyone in that person’s email contact list.
  2. If you suddenly get an email from someone you haven’t heard from in ages—especially one that contains a link or an attachment—beware. The hacker who stole that person’s email account simply sent the same email to everyone in the contacts list or the sent mail history, which means he had no way of knowing you haven’t emailed this person in years.
  3. Watch out for odd language or poor grammar in an email, but remember that cyberthieves are getting more and more sophisticated. The laughable “Nigerian prince” emails with their “my dearest blessed one” greetings and strangely worded narratives are still out there, but serious hackers are getting better and better at masquerading as someone else.
  4. If you’re ever told that you sent a strange message, there’s an excellent chance your email address was hacked. Change your email password immediately, and monitor your online accounts for any strange