Don’t Fall For It — Keep An Eye Out For These Social Engineering Tactics

October is Cybersecurity Awareness Month and this month we’re bringing attention to the rise of COVID-19 scams, phishing attacks, and social engineering. Your data’s health matters, stay cyber-healthy and take care of your data.

Social engineering… it’s not a new method of study, and it’s not the latest social media network. Social engineering is a collection of methods cyber criminals use to gain access to your personal information. Learn more about this form of attack and ways you can stay vigilant to protect yourself.

What is social engineering?

Social engineering is the act of tricking someone into sharing personal information, such as password or banking information, in order to take advantage of them. Social engineering works on the premise of trust.

What does social engineering look like?

Social engineering can take many forms, here are a few of the most common examples:

• Phishing: a fraudulent email is sent from a seemingly legitimate organization in an attempt to convince individuals to divulge personal information, such as passwords and credit card numbers.
• Spear Phishing: a targeted phishing attack directed at specific individuals or companies. Attackers may gather personal information about their targets to increase their likelihood of success.
• Baiting: works to manipulate a victim’s greed or curiosity and can occur with physical devices or virtual. ‘Bait’ is left for victims, whether a malware-infected flash drive or an online ad that leads to a malicious site.
• Malware: software built to gain unauthorized access to your computer and is often used in attacks like baiting, phishing.
• Pretexting: occurs when a cyber criminal establishes trust with a victim in order to gain personal information. Typically impersonating a coworker or person in authority (police, bank staff, etc) to establish trust and gain information.
• Smishing: using fake SMS (mobile phone text) messages to gain your personal information.
• Vishing: using internet phone services (VoIP) to trick people into providing sensitive personal information such as a credit card number.

How can I protect my data?

1. 1. Secure your email. While spam filters are good, they don’t block everything. Hackers work hard to make their emails look legitimate and to bypass automatic email spam filters. Oftentimes some phishing emails slip through spam filters.
   2. Take stock of your devices. With such a strong integration of technology in our lives it’s important to stay diligent and protect each of our devices from being vulnerable. Keep up-to-date with patches/fixes/updates for each device as they all hold critical information and shouldn’t get into the wrong hands.
   3. Always be mindful of risks. Think twice before you click on links or attachments and never give up personal information whether through email or over the phone.

For more information on cyber security, visit the University of Alberta’s Chief Information Security Officer’s (CISO) website or the Canadian Centre for Cyber Security for additional tips to stay cyber-healthy.