Cybersecurity

Introduction

Crime is not a new thing, but criminal methods continue to evolve. Bad actors are always working on new ways to trick you into giving out your personal information or money. Technology helps us all do things faster and more efficiently, including the criminals, or bad actors. While it is good to keep current on the latest scams, it is important to know how to recognize a fraudulent email, text message, phone call and social media contact.

Cyber crime can be categorized into two areas. You have pure cyber crime that exists because of computers and the Internet. This is what most people think of when they of when discussing cybersecurity. It is the protection of computers by firewalls, routers, passwords and more; and usually left to the IT professionals.

But there is also enhanced cyber crime. This is crime that existed before the Internet and just uses technology to widen the target area and population. You can think of this as computer-assisted crime. This site will help raise awareness of the type of cybersecurity that we can all use to reduce cyber crime. Just like computers made office workers more efficient, they made criminals more efficient, too.

Only when cybersecurity is on your mind with every email communication, day in and day out, can you be best protected.

Hacking People, Not Computers

Contrary to popular belief, most cyber crime is due to people, not computers. Con-artists have been around long before computers. The advent of email and social media simply gives them better tools with which to ply their trade. Social engineering is the art of getting people to do something that they may not ordinarily do. Aspects of social engineering are used in sales and politics all of the time. While not always bad, social engineering has become synonymous with cyber crimes, especially spear phishing.

Reputable vendors where you have service will never ask you for your password. Do not submit a password on Google Forms. Never share one-time passcodes (OTP) that are used for multi-factor authentication.

Social Engineering Red Flags

Cybersecurity company KnowBe4 has some great articles about social engineering. They hired social engineering expert and former phone phreak, Kevin Mitnick as their Chief Hacking Officer, and he offers his insights on the subject. Take a look at their comprehensive What is Social Engineering page for a detailed look at the subject.

Social engineering can be found in:

email - phishing and spear phishing
phone calls/voice mail - vishing
text messages - smishing
face-to-face - yes, some people still do things the old-fashioned way

Here are some things to look for

Urgent language

Most attempts to get you to hand over your money or personal information include some kind of urgent language to get you to comply.

Warnings of consequences

We all want to avoid inconveniences or problems, so the use of some kind of consequence for non-compliance is used.

Too Good To be True

Offers that just seem too good to be true are almost always scams. The classic Nigerian prince who will share part of his fortune with you if you just help him hide it for a while does not exist. The latest schemes involve high pay/low work jobs. Be careful, these are often sent from a trusted source that was compromised.

These scams often involve you providing your banking information or even "seed" money to get things going, and promise a windfall to come.

Short time-frame for action

Most scams include a warning to "act now" to avoid the consequence or penalty. This is to reduce your time to think about what you are doing.

Asking for Information

When someone contacts you claiming to be from a service provider, business or other entity and asks for information that they should already know -- like your account number or Social Security number -- or something that they have no business knowing -- like your account password or other personal information -- it is a good bet that they are not who they say they are.

Verifying Passwords

You should never have to verify your password. That would be like verifying your house key; you do that every time you unlock your door. Every time you log in, you are "verifying" your password. When someone asks you to verify your password in a place that is not the normal login area, they probably want to steal it.

The HCC Help Desk will never ask you to verify your password or have you type it in a Google Form.

Mobile Phone Attacks

Do not think that you are safe from attacks just because you are using a mobile phone. Smartphones are mini computers, and like any other computer, susceptible to hacks. It is less likely, though, that the phone itself will be compromised, but rather be used as a way to get an unsuspecting user to give out information to a social engineer.

In addition, connecting to a compromised wireless (Wi-Fi) network can allow a bad actor to intercept your information.

Page updated

Report abuse