NCSAM CISO Council Blog Post
As it happens, National Cybersecurity Month is in October, when tricks and treats abound, and people are searching for safe ways to enjoy Halloween. Although I can’t help with your Halloween celebrations, I can talk about cybersecurity and ways to avoid falling prey to social engineering and phishing. I know cyberattacks can be frightening but if you are vigilant, there are ways you can protect yourself from cybercriminals’ tricks and not get spooked.
While the national pandemic is creating new challenges at home and at work, cybercriminals see this as an opportunity to further disrupt our personal and professional lives through social engineering scams. These scams use human interaction (social skills) to obtain information about an individual or organization through phone calls, emails, texts, and other online platforms, all while appearing to originate from legitimate sources. Being overly cautious will pay off as these scams become more prevalent.
Cybercriminals love to prey on emotions and anything to do with finances. That’s why you’ll notice campaigns focused on disaster relief, members of your family, and tax refunds, in addition to bank account or computer compromise. Criminals’ level of sophistication has increased, and they are using machine learning and artificial intelligence to build patterns and improve their tactics.
Common forms of social engineering scams include:
- Phishing: Email messages, appearing to be from trusted and reputable sources, that are designed to trick individuals into clicking malicious links, opening infected attachments, or sending financial payments.
- Smishing: Messaging attacks (via SMS, texting, or other messaging platforms) geared towards persuading individuals to click malicious links. Smishing messages are more informal and personal than phishing emails, making it easier for individuals to fall victim.
- Spoofing: Fraudulent representation of information communicated through phone calls, emails, and most notably websites (Web Spoofing). Web Spoofing allows cybercriminals to modify web pages sent to individuals and observe information entered by victims (e.g. social security number and credit card number).
- Brushing: Online vendors utilizing personal information (e.g. a name or home address) to create fake orders, send unsolicited merchandise, and write fabricated positive reviews on their behalf.
- Disinformation Campaigns: Communications of false or inaccurate information intended to raise fear and suspicion relating to topics of public interest (e.g. politics and financial markets).
Please take note of the following prevention and safety tips:
- Confirm email senders are valid before opening attachments and links
- Check for messages that have a sense of urgency or contain grammatical errors
- Contact the source of the electronic communication prior to sending personal or financial information
- Remove unwanted personal data that has been shared on social media platforms
- Verify that the online content that has been received and viewed is from reputable and trustworthy sources
NCSAM may be coming to an end in a few weeks, but that doesn’t mean our cyber awareness should end with it. The best trick against scary social engineering scams is to make cybersecurity best practices a daily priority.
Remember to always do your part and #BeCyberSmart at home, work, and everywhere you go.