To Catch a Phish: Tips for Cyber Security Awareness Month

Top up your cybersecurity survival kit with the Office of the Chief Information Security Officer.


Top up your cybersecurity survival kit with the Office of the Chief Information Security Officer (CISO)! October is Cyber Security Awareness Month, and we're challenging you to look closely at the evolution of cybercrime and check that you've kept up.

The first password you ever made was probably just that: a word. Then companies asked you to add a number. That turned into adding a number, a special character, and a capital letter. Now, we've moved on to the next generation of passwords: passphrases.

A passphrase is a password that is composed of a sentence or combination of words, preferably with some special characters and numbers thrown in to make it more complex. An example is LukeLovesSt@rWar$. The phrase "Luke loves Star Wars" is easy to remember for the user, but hard to guess for the hacker, especially with the added characters.

Unfortunately, many users suffer from password fatigue, the confusion and frustration people feel when they have to remember a multitude of unique passwords. That's when the bad habits start: recycling the same password over and over, writing passwords down on sticky notes, and creating easy passwords that anyone can guess.

A password manager alleviates that fatigue. It's a tool that stores and retrieves all your passwords in an encrypted cyber vault that can only be opened by your master password, which acts as the decryption key. Without the key, your other passwords remain encrypted and safe from hackers.

The password manager you decide on will come down to personal preference. Cost, features, and security are all important factors to weigh, along with general usability. To get you started, the CISO has investigated four top-rated password managers and created a comparison chart.

Most people recognize the infamous Nigerian Prince email scam, and even if it's never crawled its way into your inbox, you've almost certainly come across a slew of pop culture references. But what about this one?

Good morning Jamie,

Please find attached the 2019 financial activity report for your perusal.

Thanks & regards,

Ms. Sharon Mosley
Westmount Day School

They addressed you by your name. You work with Westmount Day School. You've met Ms. Sharon Mosley, and it wouldn't be unusual for her to send you a financial activity report. Everything seems safe - but this is actually a phishing email.

Phishing is when a fraudulent email is sent from a seemingly legitimate organization or person in an attempt to convince individuals to divulge personal information, such as passwords or credit card numbers. Links in phishing emails will often take you to phoney sites that encourage you to send personal or financial information to these criminals, and attachments can contain malware or ransomware.

Phishing emails can look legitimate; that's why so many people fall victim to them. A parking services phishing scam recently happened at the U of A; we have tips for what to do if you receive such an email.

The most important thing to remember is to stay constantly vigilant online, especially when using email, and follow the CISO's tips to catch a phish.

In January 2019, Google's Jigsaw unit created a phishing quiz that will test your ability to recognize a phishing email. Take the test and see how you measure up.

Technology is always evolving, and so are cybercriminals. You need to evolve right along with them. The farther you get left behind, the more you're opening yourself up to a serious data breach.

Ready to evolve? Check CISO's website for the latest information on how to stay safe online.

October is Cyber Security Awareness Month, an internationally recognized campaign held each October to inform the public of the importance of cyber security. For more tips on how to keep your data safe, visit the University of Alberta's Chief Information Security Officer's (CISO) website.