Don’t Become a victim!
Here are a few facts that illustrate the dramatic increase in cybercrime; 2,244 cyberattacks happen daily, according to the University of Maryland! Cyberattacks have increased 37% month-to-month due to the COVID-19 pandemic! An estimated $108M in losses are due to scams in a recent 6-month period. Cybercrime is big business—and happens more often than you think! Be aware of the tactics and attacks hackers use on YOU.
Information Gathering
Social media is a gold mine of information hackers use to deceive you and your colleagues, and each piece of additional information gathered increases the odds of a successful attack. Examples of information you should never share on social media include travel plans, the university’s internal processes, or less obvious pieces of information like reports, financial information, and the software used by the university.
Takeaways: Use caution with what you share. Ask yourself if the information you’re about to post will be useful in conning you or your colleagues. Familiarize yourself with the university’s expectations regarding what and how much you share on social media by following your department’s social media policy.
Phishing
The most prevalent tactic used by hackers is phishing. They send emails disguised as known contacts or trusted organizations so that you react without thinking. Their goal is to trick you into giving out sensitive information (i.e., your username and password) or taking a potentially dangerous action (i.e., clicking on a link or downloading/opening an infected attachment).
Takeaways: Phishing attacks are the most common attack due to their effectiveness. Hackers are creative when targeting you, making it difficult to tell if a message is real or fake. Stop, look, and think before you click that link, open that attachment, or share sensitive information.
Pretexting
Hackers often invent convincing scenarios to gain your trust to get the information they want. For example, they’ll call and pretend to be a member of the OIT HelpDesk, mentioning the names of individuals they gathered while researching the university. Then, they will say some updates just released, and they need to validate a few things on your workstation.
Takeaways: Since this attack is convincing and prevalent, be vigilant. Never give information over the phone, in person, or online unless you’ve confirmed the identity of the person asking. You can check by calling the person back using a verified phone number on the organization’s phone directory or main website.