Social engineering is the art of manipulating, influencing, or deceiving you in order to gain control over your computer systems.

-Being able to distinguish a legitimate email from a malicious one is a learned and very valuable skill

-Bad actors can use email, internet, phone, or snail mail to gain illicit access to your organization

-Types of Social Engineering attacks: phishing, spear phishing, CEO fraud, and social media

-More than 90% of successful attacks begin with a phishing email

-Human error is the weakest link in any organization as it pertains to cybersecurity

-The best defense against Social Engineering attacks is user education, backed by technical controls such as multi-factor authentication and email filtering so that a single mistaken click does not hand over an account

What do I look for when trying to determine if an email is legitimate or malicious?

-Be wary of any email stressing urgency in a matter

-Always ask yourself “am I expecting this email from this person?”

-Disregard any email notifying you of an account lockout. Never, under any circumstances, click a link within an email and enter your credentials. If you think the notice might be genuine, go to the service by typing its address into your browser yourself

-Disregard any email asking you to “Update Account”

-Be suspicious of any email asking for payment information

-Disregard any email with poor grammar, broken sentences, or multiple misspellings

-Never assume an email is authentic just because it addresses you by name; names and job titles are easy for an attacker to look up

-Never open an attachment within an email unless you are 100% sure of its authenticity; unexpected attachments are a common way to deliver malware. If in doubt, please contact the ITS Help Desk

What is Phishing?


How To Recognize Phishing


How to spot suspicious URLs (web addresses) within an email

-Email security best practice says never to click on any link within an email. The reason is that more than 90% of all attacks begin with a phishing email. There may be the rare exception to this rule, but always examine a link carefully before acting on it. The links on this page are provided for information purposes only.

-A common phishing ploy is to send an email that appears to come from your bank or financial institution. These emails usually instruct victims to “verify your information” by clicking on a link. Even if the link looks legitimate, never click on it; always visit your bank’s website by manually typing the address into your browser

-The hover trick. Scammers often make a link appear to lead somewhere legitimate (for example www.chase.com) while the underlying address points elsewhere. If you hover your cursor over the link without clicking, a small box shows where the link actually goes. If the two do not match, do not click. Also check that the real destination is the bank’s own domain and not a lookalike in which the bank’s name appears only as part of a longer address.

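The hover trick shows a person the real destination of a link; the same comparison can be automated. The Python below is an added example, not part of the original page: it pulls the links out of an HTML email body and flags the ones where the visible text and the real destination disagree, as well as a few related tricks (the bank’s name buried in someone else’s domain, a “user@host” URL whose first part is ignored by the browser, raw IP addresses, and internationalised lookalike hostnames). The TRUSTED_DOMAINS list and the sample message are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption (hypothetical): the one domain this recipient actually banks with.
TRUSTED_DOMAINS = {"chase.com"}

# Visible link text that itself reads like a web address, e.g. "www.chase.com".
URL_LIKE = re.compile(r"(https?://)?(www\.)?[a-z0-9-]+(\.[a-z0-9-]+)+(/\S*)?")


def registered_domain(host):
    """Crude 'last two labels' view of the registrable domain: www.chase.com -> chase.com."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def looks_like_url(text):
    return URL_LIKE.fullmatch(text.strip().lower()) is not None


def analyze_link(href, text):
    """Return the reasons a link is suspicious; an empty list means nothing obvious."""
    reasons = []
    parts = urlsplit(href.strip())
    host = (parts.hostname or "").lower()
    if parts.scheme not in ("http", "https"):
        return [f"non-web scheme {parts.scheme!r}"]
    if parts.username is not None:
        # Browsers treat everything before '@' as credentials, not as the host.
        reasons.append(f"'{parts.username}@' in URL: real host is '{host}'")
    if host.startswith("xn--") or ".xn--" in host or any(ord(c) > 127 for c in host):
        reasons.append("internationalised (punycode) hostname, possible lookalike")
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        reasons.append("raw IP address instead of a domain name")
    target = registered_domain(host)
    for trusted in TRUSTED_DOMAINS:
        # 'chase.com' appearing as a subdomain of a domain the bank does not own.
        if trusted in host and target != trusted:
            reasons.append(f"'{trusted}' appears in hostname but site is '{target}'")
    if looks_like_url(text):
        # The hover trick: what the text shows versus where the href really goes.
        shown = text.strip() if "://" in text else "http://" + text.strip()
        shown_host = (urlsplit(shown).hostname or "").lower()
        if registered_domain(shown_host) != target:
            reasons.append(f"displays '{shown_host}' but points to '{host}'")
    return reasons


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def scan_email_html(html):
    """Return [(href, text, reasons)] for every link in the message body."""
    parser = LinkExtractor()
    parser.feed(html)
    return [(href, text, analyze_link(href, text)) for href, text in parser.links]


# Constructed sample message; 203.0.113.5 is a documentation-only address.
SAMPLE_EMAIL = """
<p>Dear customer, your account has been locked. Please visit
<a href="http://www.chase.com.account-verify.example/login">www.chase.com</a>
within 24 hours, or <a href="https://www.chase.com@203.0.113.5/">verify your information</a>.</p>
<p>Questions? Visit <a href="https://www.chase.com/">https://www.chase.com</a>.</p>
"""

if __name__ == "__main__":
    for href, text, reasons in scan_email_html(SAMPLE_EMAIL):
        print(f"{text!r} -> {href}")
        for r in reasons:
            print("   SUSPICIOUS:", r)
```

The registrable-domain check is deliberately simple (last two labels); for domains such as co.uk a real tool would consult the Public Suffix List. The point of the exercise is the mismatch between what a link shows and where it goes, which is exactly what hovering reveals.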

Password tips

-Never use simple passwords. Don’t use personal information (spouse’s name, child’s name). This information is easily researchable and available to bad actors

-Consider using passphrases. The more diverse characters you use (upper case, lower case, numbers, special characters), the harder your password will be to crack or guess. An example of an easily remembered passphrase would be the sentence “I like sunny day walks”, which you can turn into a passphrase such as $uNNYdayWALKs!!. Keep in mind that simple substitutions such as $ for s or 0 for o are well known to password-cracking tools, so length adds more protection than clever substitutions

-Passphrases are easier to remember than a random set of symbols and letters combined

-Choose a phrase that is easy for you to remember but is not a common quote, song lyric, or saying that an attacker could guess

-Never recycle old passwords, and never reuse the same password across different accounts

-Never share your passwords with anyone
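The tips above can be turned into a simple self-check. The Python below is an added example, not part of the original page: it scores a candidate passphrase on length and character-class mix, gives a naive brute-force estimate, and checks whether the phrase is a disguised version of a well-known quote or contains personal information, undoing the common letter substitutions ($ for s, 0 for o, and so on) before comparing. The COMMON_PHRASES and PERSONAL_INFO sets are constructed stand-ins for the wordlists a real checker would use.

```python
import math
import re
import string

# Constructed stand-ins for real wordlists (hypothetical entries).
COMMON_PHRASES = {"to be or not to be", "may the force be with you", "let it be"}
PERSONAL_INFO = {"alice", "fluffy", "1987"}  # spouse, pet, birth year

# Undo the substitutions that cracking tools already try: $->s @->a 0->o 1->l 3->e 4->a !->i
LEET = str.maketrans("$@0134!", "saoleai")

CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)


def compact(s):
    """Lower-case and keep only letters and digits so spacing, case and punctuation do not matter."""
    return re.sub(r"[^a-z0-9]", "", s.lower())


def character_classes(p):
    """How many of lower / upper / digit / symbol are present."""
    return sum(any(c in cls for c in p) for cls in CLASSES)


def brute_force_bits(p):
    """Naive upper bound: work for an attacker who blindly tries every string of this
    length over the classes used. Dictionary and rule-based attacks need far fewer guesses."""
    size = sum(len(cls) for cls in CLASSES if any(c in cls for c in p))
    return len(p) * math.log2(size) if size else 0.0


def assess(p):
    """Return {'bits': estimate, 'findings': [problems]}; an empty findings list passes the tips."""
    findings = []
    if len(p) < 12:
        findings.append("too short (under 12 characters)")
    if character_classes(p) < 3:
        findings.append("uses fewer than 3 character classes")
    # Compare both the raw form and the de-substituted form.
    variants = {compact(p), compact(p.translate(LEET))}
    for phrase in sorted(COMMON_PHRASES):
        if any(compact(phrase) in v for v in variants):
            findings.append(f"contains the well-known phrase {phrase!r}")
    for item in sorted(PERSONAL_INFO):
        if any(item in v for v in variants):
            findings.append(f"contains personal information {item!r}")
    return {"bits": round(brute_force_bits(p), 1), "findings": findings}


if __name__ == "__main__":
    for candidate in ("$uNNYdayWALKs!!", "fluffy1987", "T0 b3 0r n0t t0 b3!!"):
        result = assess(candidate)
        print(f"{candidate!r}: ~{result['bits']} bits brute force")
        for f in result["findings"]:
            print("   PROBLEM:", f)
```

The page’s own example, $uNNYdayWALKs!!, passes every check, while a disguised “to be or not to be” fails despite using all four character classes and being 20 characters long; that is the difference between a phrase that merely looks random and one that is actually hard to guess.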