Nick Kelly, Joby James
In recognition of Cybersecurity Awareness Month, we would like to share several best practices to protect yourself and your children online. Families, teachers, students, and schools are often the target of social engineering attacks. Here are some of the tactics we have seen in the wild:
Phishing: Attackers send carefully crafted emails that appear to come from trusted sources. The goal is often to get victims to share personal or financial information or to click on links that lead to malware.
Vishing: Similar to phishing, but the attackers use phone calls. Common campaigns include attackers posing as tech support or trusted personnel to gain access to victims’ computers and sensitive data.
Smishing: Phishing using SMS or text messages as the form of media. Recent attacks include fake political fundraisers or notifications that the victim drove through a toll or red light.
Impersonation: Attackers try to access sensitive information by pretending to be someone in a position of authority such as a colleague, professor, or authority figure.
Baiting: Leaving infected devices such as USB drives in high traffic areas. Unsuspecting victims can plug them into computers and install malware.
Quid Pro Quo: The attacker offers a service in exchange for information. Common campaigns involve attackers posing as I.T. support willing to troubleshoot a problem in exchange for login credentials.
Recognize the Signs of an Attack
Requests for Sensitive Information: Use caution if anyone asks for your personal details, financial information, access to your device or login information to devices or applications
Urgency and Pressure: Attackers create a sense of urgency to rush the victim into taking their desired action, including sharing credentials like passwords or PINs
Authority Figure: Watch for unexpected requests from individuals claiming to be an authority like school administrators or law enforcement.
Tips to Protect Against Social Engineering
Verify Requests:Before providing any information, verify the identity of the individual making the request. Don’t click on anonymized or shortened links if you can go to the official site, or call the person or office to confirm their identity.
Be Skeptical: Use caution when receiving unsolicited requests for information, especially if the sender/caller attempts to create urgency.
Report Suspicious Activity: If you receive suspicious communications, contact your school I.T. department or the vendors who provide your mail client (such as Google or Microsoft). The Federal Trade Commission also has consumer advice regarding email, text and mail.
Stay Informed: Regularly review the latest social engineering tactics and learn how to recognize them.
