October is Cyber Security Awareness Month, a crucial time to highlight the importance of protecting our digital lives. With cyber threats on the rise, it is essential that everyone stays informed and vigilant. Join the Information Technology Division (ITD) over October in spreading awareness and adopting best practices to safeguard your personal and professional data.
Understanding social engineering and phishing
Protect yourself from cyber threats
The primary aim of a phishing attack is to trick individuals into disclosing sensitive information, such as login credentials, financial details, or personal data, by posing as a legitimate source. However, not all phishing attacks are focused on data theft. Some are designed to persuade victims to download malicious software (malware), which can compromise the security of their devices or networks. This malware can then be used to gain unauthorised access, steal information, or disrupt systems. Whether aimed at gathering information or distributing malware, phishing attacks pose significant security risks.
Even though ITD has systems in place to help protect against this type of attack, there is no guarantee that all attacks will be detected and stopped.
Responding to a phishing email and providing your UL username and password will not only disrupt your email access and personal security, but potentially has serious consequences for the University, such as blacklisting of our email servers (causing email bounce-backs that affect other users), reputational damage and data protection concerns. In addition, dealing with phishing attacks places significant demands on ITD: resources that would normally be assigned to strategic projects have to be reassigned to deal with the impact of these incidents.
Social engineering involves manipulating individuals into divulging confidential information. To avoid falling victim to a cyber scam, always verify the identity of the requester, be cautious of unsolicited communications, and never share sensitive information without proper verification. Social engineering is commonly used to enable the delivery of malicious software onto target systems.
Phishing Awareness
Best Practices: Always verify the sender’s email address, avoid clicking on suspicious links, and report any suspected phishing attempts to the Information Technology Division.
Password Management
Best Practices: Strong, unique passwords are your first line of defence. Avoid using the same password across multiple sites or personal accounts.
Software Updates
Why It Matters: Updates often include security patches that protect against vulnerabilities.
Best Practices: Regularly update your operating system, applications, and antivirus software.
Secure Wifi
Best Practices: When using Wifi in a public place, only connect to secure networks such as the Eduroam network on campus in UL. Avoid public Wifi for sensitive transactions.
Data Backup
Why It’s Crucial: Regular backups ensure you can recover your data in case of a cyber attack.
Best Practices: Safeguard important data like photos and key documents by backing them up to an external hard drive or a cloud-based storage system such as OneDrive.
- When using Wifi in a public place, only connect to secure networks. For example, when on campus in UL, all staff and students should connect to the Eduroam network using their UL email and password.
- Avoid connecting to networks with misspelt names like “Cafe Geust” instead of “Cafe Guest.”
- Avoid wifi networks that don’t require a password to gain access.
- If connecting to a wifi network in a café or other public area, users should manually disconnect the wifi network after use to prevent automatic reconnection.

Mobile phone security threats
Malicious Apps and Websites: Mobile malware and malicious websites can steal or encrypt data on mobile phones, just like on traditional computers. Common malicious apps include trojans that perform ad and click scams.
Mobile Ransomware: This type of malware locks users out of their mobile devices and demands a ransom, often in cryptocurrency.
Phishing: While phishing on desktops typically starts with malicious emails, most mobile phishing occurs via SMS, social media, or other apps.
Jailbreaking and Rooting: Phone owners sometimes use ‘jailbreaking’ to gain administrator access to their iOS and Android devices to remove unwanted default apps or install apps (often from untrusted sources). However, this increases the risk of data breaches by removing many of the built-in security features of the operating system, making your device more susceptible to malware and cyber-attacks.
Spyware: Spyware collects and uses private data without your knowledge. It targets information such as call history, text messages, location, browser history, contacts, emails, and photos. Cybercriminals can use this data for identity theft or financial fraud.
Lock your device: Use a PIN, password or pattern.
Install trusted Apps: Only download apps from official sites such as the Apple AppStore or Google Play. Look for the official app logo.
Update regularly: Keep your operating system up-to-date.
Avoid suspicious links: Don’t click on links or attachments from unknown emails or texts.
Track your device: Use tools like Find My iPhone or Android Device Manager.

Be Smart on Socials
Social media platforms are great for connecting with friends, sharing experiences, and staying informed. However, they also present various cyber security risks. Protecting your personal information and maintaining your privacy is crucial to avoid falling victim to potential cyber-attacks.
Here’s some advice for staying safe on socials:
- Restrict location tracking: While location tracking can make our devices more convenient, it also introduces vulnerabilities. Hackers can exploit location data, so it’s wise to turn off location tracking whenever possible. Deny location tracking when prompted by apps or websites, or restrict it to only when you’re actively using the app or site.
- Enable Multi-Factor Authentication (MFA): Add an extra layer of security to your accounts.
- Adjust privacy settings: Limit who can see your posts and personal information.
- Be cautious with friend requests: Only accept requests from people you know.
- Avoid oversharing: Don’t post sensitive information like your address or travel plans.
- Beware of scams: Be wary of suspicious messages and links. If something sounds too good to be true, it probably is!
Cyber scams to watch out for in 2024
Scammers are constantly evolving their tactics to deceive people for financial or personal gain. Here are four scams to be aware of in 2024/25:
AI-Enhanced scams: Cybercriminals use AI to create convincing texts, emails, and deepfakes, impersonating trusted figures to trick victims into sharing sensitive information or money.
QR code scams: Caution is the best way to avoid QR code scams and reduce security risks. Avoid scanning random QR codes, and scan one only if you must. Scammers can use fake QR codes to initiate phishing attacks or steal your credentials or financial information, so you should always verify the source before scanning. If you think you have accessed a fraudulent site and given away financial information, contact your bank immediately. For most QR codes, a URL will pop up when you scan them. Look at the URL carefully and open it only if you trust it.
Peer-to-Peer payment fraud: In recent years there has been a significant rise in the number of peer-to-peer (P2P) payment scams. Scammers exploit popular payment platforms with overpayment scams, fake payment notifications, and two-step authentication scams to steal money and credentials. Always double-check details before transferring money and never send or accept P2P payments from people you don’t know.
Phishing attacks: Be cautious of emails or messages that ask for personal information or direct you to suspicious websites.
