Cybersecurity awareness means being aware of the dangers that are out there involving emails, text messages, and browsing the internet. By educating yourself with information and being mindful of the risks, you can help yourself stay safe online, both at work and at home.
Cybersecurity threats are everywhere, and cyber criminals are continually looking for ways to get around basic safety measures. The criminals have a common goal: to steal your money and sensitive personal information. They prey on a “click first, think later” mentality. It is vital to keep your virus protection and software up to date. Even with those safety protocols in place, you need to be vigilant and be the first line of defense. Know who and what to trust.
What is Social Engineering?
- Social Engineering uses manipulation to trick people into giving up sensitive information.
- The goal is to lure individuals into providing sensitive data such as social security numbers, bank account and credit card details, passwords, and login credentials.
- Targets are contacted by email, telephone, or text message by someone posing as a legitimate company or person.
- Criminals will either trick you into providing them this information or secretly install malicious software so they can access your computer and take any information they desire.
- Security is knowing who and what to trust – criminals exploit our natural inclination to trust.
- It is much easier for them to manipulate and exploit people than to work endless hours trying to hack your computer.
Social Engineering Examples
Vishing (Voice Phishing)
- The fraudster makes phone calls to the user.
- They may state they are calling from your financial institution, a government agency, or tech support.
- Phone phishing is mostly done with a fake caller ID.
Smishing (SMS Phishing)
- The fraudster conducts these scams via Short Message Service (SMS), a telephone-based text messaging service.
- A smishing text may attempt to entice a victim into revealing personal/account information via a link within the text that leads to a fake website.
- Phishing scams involving malware require it to run on the victim’s computer.
- Malware is usually attached to the email sent to the victim by the criminal.
- The malware could be contained in a link you are asked to click on or in downloadable files.
- Once you open the link or file, the malware will start functioning.
Fake Search Engines
- User may be directed to business sites that offer low-cost products or services.
- You try to complete the purchase, enter your credit card details and the purchase gets declined or you never receive what was ordered.
- You could have been on a phishing site that collected your personal and card information.
USB Baiting (USB Phishing)
- Occurs when a fraudster strategically leaves a USB device, potentially containing malicious code, somewhere it will be found.
- The intention is that a victim will find the USB device and plug it into a computer to see what is on it so it can be returned to its rightful owner.
- Compromised USB drives can be used to inject malicious code, redirect you to phishing websites, or give the criminal access to your computer.
Ransomware
- A type of malware that infects a computer, usually because the user clicked on a link or downloaded an infected attachment in a phishing email.
- Malware will transfer and/or encrypt data held on that computer and require a ransom to be paid to retrieve and decrypt the information.
- Ransomware can spread quickly, especially through an organization.
If any email is sent to you and has any of these red flags, verify with the sender to determine legitimacy:
- Does the email contain bad grammar, odd styling, or spelling errors?
- Is the sender asking for personal or financial information?
- Is there a sense of urgency stating you need to act quickly to receive an offer or prevent something negative from occurring?
- Does the offer sound too good to be true?
- Do you know the sender? Is the message written in a style consistent with them?
- Is this email sent at an odd time?
- Does the subject line of the message match the content?
- Is the email sent to an unusual group of people?
- Does the sender’s email address have a suspicious domain?
- Is there a link?
Tips to Remember – Don’t Become a Victim
- Install anti-virus software, firewalls, and email filters. Keep them up to date.
- Set your operating system up to perform automatic updates.
- If you receive an email/text requesting personal, financial, or password information, delete it and do not reply.
- Watch out for scammers impersonating companies who initiate calls and offer assistance. Normally, legitimate companies do not initiate calls to provide help; you call them.
- Hover your mouse over any links and be sure the URL you are being directed to is a website you expect.
- Watch out for email domain names. Fraudsters are good at spoofing emails, so a message looks like it is coming from someone you recognize, but a character in the email address has been changed or removed.
- If the email contains an offer for a product or service, or states you won a lottery or prize, it is most likely a scam. This is especially true if it is coming from a foreign country.
- Always contact a person or company by a trusted email or phone number you have for them. Research a company and use a search engine to get to their website rather than clicking on links or relying on information within an email.
- Slow down – think before you click! Be very careful with emails, text messages and phone calls that convey a sense of urgency. Criminals want you to act first and think about it later.
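The two checks from the tips above (a sender domain with one character changed or removed, and a link whose real destination differs from what it shows) can be automated. The following is an added example, not part of the original page; the trusted list, the function names and the sample addresses are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the domains you really deal with (reserved example names).
TRUSTED = {"example.com", "example.org"}

def edit_distance(a, b):
    """Levenshtein distance: counts changed, removed and added characters."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def _tail(domain, t):
    # Keep as many trailing labels as t has: mail.example.org -> example.org
    return ".".join(domain.split(".")[-(t.count(".") + 1):])

def classify_domain(domain, trusted=TRUSTED):
    """Return ('trusted', t), ('lookalike', t) or ('unknown', None)."""
    domain = domain.lower().rstrip(".")
    for t in sorted(trusted):
        if _tail(domain, t) == t:
            return ("trusted", t)
    for t in sorted(trusted):
        if edit_distance(_tail(domain, t), t) == 1:
            return ("lookalike", t)
    return ("unknown", None)

def sender_domain(from_header):
    """Domain part of the address in a From line like 'Name <user@host>'."""
    m = re.search(r"@([A-Za-z0-9.-]+)", from_header)
    return m.group(1) if m else ""

def link_flags(visible_text, href, trusted=TRUSTED):
    """Red flags for a link: imitated destination, or text that hides it."""
    host = (urlsplit(href).hostname or "").lower()
    flags = []
    status, near = classify_domain(host, trusted)
    if status == "lookalike":
        flags.append(f"destination {host} imitates {near}")
    shown = re.search(r"([a-z0-9-]+\.)+[a-z]{2,}", visible_text.lower())
    name = shown.group(0) if shown else host
    if not (host == name or host.endswith("." + name) or name.endswith("." + host)):
        flags.append(f"text shows {name} but link goes to {host}")
    return flags
```

An "unknown" result only means the domain is not on your list; it still needs the manual checks above.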