Social engineering and cyber attacks

By Amy Bennett | October 29, 2018

Most of us know that October is Breast Cancer Awareness Month, but did you know that it is also:

• National Crime Prevention Month;
• Polish American Heritage Month;
• National Dental Hygiene Month;
• National Dyslexia Awareness Month;
• Down Syndrome Awareness Month;
• National Pastor Appreciation Month;
• National Pit Bull Awareness Month; and
• National Cybersecurity Awareness Month.

I had no idea that October was such a popular month! Each issue is important, but the topic of cybersecurity resonated with me. That we even need to have a cybersecurity awareness month is crazy to me; just a few years ago, I was perfectly happy with my flip-phone! The Department of Homeland Security has even identified cybersecurity as one of our most important national security priorities.

We all use our smart devices for our everyday life: texting, shopping, banking, bill paying, working from home, watching videos, sending emails, and even an occasional phone call. According to a survey last January, the Pew Research Center found that 75 percent of all women and 80 percent of all men in the United States own a Smartphone! Those numbers are staggering; it’s no wonder that cybersecurity is such a hot topic for all of us—personally and professionally. 

When I think of cybersecurity, I think of the term social engineering, which basically means that someone is trying to deceive you into divulging your personal information to take advantage of you. Kevin Mitnick, consultant, author, and notorious hacker, describes social engineering as, “…using manipulation, influence, and deception to get a person, a trusted insider within an organization, to comply with a request, and the request is usually to release information or to perform some sort of action item that benefits the attacker.” Typical examples of social engineering include phishing, pretexting, baiting, pharming, vendor scams, and vishing.  

Mitnick goes on to say, “People are prone to taking mental shortcuts. They may know that they shouldn’t give out certain information, but the fear of not being nice, the fear of appearing ignorant, the fear of a perceived authority figure—all these triggers, which can be used by a social engineer to convince a person to override established security procedures.”

The StaySafeOnline website states, “The line between our online and offline lives is indistinguishable. In these tech-fueled times, our homes, societal well-being, economic prosperity and nation’s security are impacted by the internet.” This being said, Marian University takes your privacy and online safety seriously. So, what can you do to enhance your cyber safety? According to Marian University’s assistant vice president and chief information officer, Ray Stanley:

• Slow down. Spammers want you to act first and think later. If the message conveys a sense of urgency or uses high-pressure sales tactics, be skeptical; never let their urgency influence your careful review.​
• Research the facts. Be suspicious of any unsolicited messages. Know the person emailing you and make sure the “request” is something you’d normally get from the individual or business.
• Don’t let a link be in control of where you land. Stay in control by finding the website yourself using a search engine to be sure you land where you intend to land. Hovering over links in email will show the actual URL at the bottom, but a good fake can still steer you wrong.
• Email hijacking is rampant. Hackers, spammers, and social engineers taking over control of people’s email accounts (and other communication accounts) have become rampant. Once they control an email account, they prey on the trust of the person’s contacts. Even when the sender appears to be someone you know if you aren’t expecting an email with a link or attachment check with your friend before opening links or downloading.
• Beware of any download. If you don’t know the sender personally AND expect a file from them, downloading anything is a mistake.
• Foreign offers are fake. If you receive an email from a foreign lottery or sweepstakes, money from an unknown relative, or requests to transfer funds from a foreign country for a share of the money, it is guaranteed to be a scam.

According to Stanley, “Cyber Security is everyone’s responsibility. Learn to protect yourself and your family through safe computing practices such as changing your password frequently, using complex passwords and only opening email and attachments from known sources. At Marian University, we have some of the highest technological solutions in place to protect the university’s assets; however, it takes every student, faculty, and staff member to ensure the university is safe from cybercriminals.”