October is Cyber Security Awareness Month
Information Security Starts With You!
Cyber Security Awareness Month is an internationally recognized campaign held each October to inform the public of the importance of cyber security.
The university’s Information Security and Compliance Team uses a number of tools to ensure your data is as safe as possible, but it is important that every individual who uses the network be aware of the tricks cyber criminals use to access our valuable information.
Over the last three years, the university has implemented a phishing simulation program to help staff and faculty recognize suspicious emails. This year, we are extending the program to students.
Monthly phishing simulations
Starting this October, some students will receive a suspicious looking email message in their myumanitoba.ca Inbox. The phishing simulation messages are designed using popular social engineering techniques and contain common markers that identify a suspicious email message.
These tests will continue every month to the end of the Fall-Winter school year.
What is phishing?
Cybercriminals use phishing—a type of social engineering—to manipulate people into doing what they want. Social engineering is at the heart of all phishing attacks, especially those conducted via e-mail.
Social engineering is the art of manipulating people so they give up confidential information. Perhaps you’ve seen an email that looks like it came from TD Bank asking you to click on a link, and the link went to a website asking for more personal information? This is an example of social engineering. Attackers will try to fool you into believing they are trustworthy.
Use the checklist below to verify the message. If the message matches one or more the criteria below, DELETE it or forward it to spam[at]umanitoba[dot]ca for confirmation.
Any message from an unknown sender could be a phishing email:
- Does the address match the sender name? If there is no match, it could be a phish
- Is the email signature too generic? If there is only a name or title at the bottom of the message, then it could be suspicious.
- Do the name and URL match? Think before you click. Mouse over links in email to reveal their true URL. If the name and the URL do not match, DELETE the email.
- Does it contain an unexpected attachment? They are a cybercriminal’s #1 choice for spreading malicious software.
- Does that email feel ‘off’ in some way? It probably is. Forward it to spam[at]umanitoba[dot]ca to confirm the message.
- Is it urgent? Slow down. An “IMPORTANT MESSAGE” may be a phishing attempt. Cybercriminals want you to do what you’re told, when you’re told.
Don’t be fooled. Information Security Starts With You!