Social Engineering an effective tactic for cybercriminals
Find out how to protect yourself
October 18, 2024 —
Social engineering is a significant threat in the realm of cybersecurity, but with awareness and proactive measures, you can protect yourself and UM. Remember, the first line of defense against social engineering is you. Stay vigilant, stay informed, and stay secure.
What is Social Engineering?
Social engineering is a manipulation technique that exploits human emotions to gain private information, access, or valuables. In the context of cybersecurity, it involves tricking people into breaking normal security procedures. Unlike traditional hacking, which relies on finding vulnerabilities in software, social engineering targets the human element of security.
Common Social Engineering Tactics
- Phishing: This is the most common form of social engineering. Attackers send emails or messages that appear to be from a trusted source, asking the recipient to provide sensitive information or click on a malicious link.
- Pretexting: Here, the attacker creates a fabricated scenario to steal the victim’s personal information. For example, they might pose as a bank representative asking for account details.
- Baiting: This involves offering something enticing to the victim, such as free software or a music download, which actually contains malware.
How to Protect Yourself
- Be Skeptical: Always be cautious of unsolicited emails, messages, or phone calls asking for personal information. Verify the identity of the person or organization before responding.
- Educate Yourself: Stay informed about the latest social engineering tactics and how to recognize them.
- Use Strong Passwords: Create complex passwords and change them regularly. Avoid using the same password for multiple accounts.
- Enable Two-Factor Authentication (2FA) when available: This adds an extra layer of security by requiring not just a password and username but also something that only the user has on them, i.e., a piece of information only they should know or have immediately to hand.
- Report Suspicious Activity: If you receive a suspicious email or message, report it to IST Service Desk or spam@umanitoba.ca. We can take steps to protect the network and inform others.
By staying vigilant and informed, UM staff and students can create a safer digital environment for everyone.