Social Engineering an effective tactic for cybercriminals

Find out how to protect yourself

October 18, 2024 —

Social engineering is a significant threat in the realm of cybersecurity, but with awareness and proactive measures, you can protect yourself and UM. Remember, the first line of defense against social engineering is you. Stay vigilant, stay informed, and stay secure.

What is Social Engineering?

Social engineering is a manipulation technique that exploits human emotions to gain private information, access, or valuables. In the context of cybersecurity, it involves tricking people into breaking normal security procedures. Unlike traditional hacking, which relies on finding vulnerabilities in software, social engineering targets the human element of security.

Common Social Engineering Tactics

Phishing: This is the most common form of social engineering. Attackers send emails or messages that appear to be from a trusted source, asking the recipient to provide sensitive information or click on a malicious link.
Pretexting: Here, the attacker creates a fabricated scenario to steal the victim’s personal information. For example, they might pose as a bank representative asking for account details.
Baiting: This involves offering something enticing to the victim, such as free software or a music download, which actually contains malware.

How to Protect Yourself

Be Skeptical: Always be cautious of unsolicited emails, messages, or phone calls asking for personal information. Verify the identity of the person or organization before responding.
Educate Yourself: Stay informed about the latest social engineering tactics and how to recognize them.
Use Strong Passwords: Create complex passwords and change them regularly. Avoid using the same password for multiple accounts.
Enable Two-Factor Authentication (2FA) when available: This adds an extra layer of security by requiring not just a password and username but also something that only the user has on them, i.e., a piece of information only they should know or have immediately to hand.
Report Suspicious Activity: If you receive a suspicious email or message, report it to IST Service Desk or spam@umanitoba.ca. We can take steps to protect the network and inform others.

By staying vigilant and informed, UM staff and students can create a safer digital environment for everyone.

IST Communications

Banner Administration pages upgrade coming this November 2024, time to prepare!

Banner Administration Pages & Aurora Self Service will be upgraded to the latest version starting November 15, 2024, at 4:00 p.m. to November 17, 2024, at 9:00 a.m. This upgrade will bring important security enhancements and focus on improving the quality of the Administration Pages & new Aurora Self Service so we can continue to ensure our environment remains up to date and protected against cybersecurity threats.

The Hidden Threats of GenAI

In recent years, the rise of generative AI has brought about numerous advancements in technology, but it has also opened the door to new types of scams. For the UM community, it is crucial to stay informed and vigilant against these emerging threats. Here are some key points to help you understand and protect yourself from generative AI scams.

Bugged, Bothered and Bewildered

Cybersecurity experts are warning of a new wave of cyberattacks from threat actors targeting multi-factor authentication (MFA) systems, known as MFA fatigue attacks. These attacks, also referred to as MFA bombing or spamming, are designed to exploit the very systems meant to protect users from unauthorized access.