Check out this video from the U.S. Cybersecurity and Infrastructure Security Agency (“CISA”) on four things you can do to stay safe online:
Avoid Becoming a Social Engineering Victim – Four Questions to Ask Yourself:
Social engineering is a scam where a cybercriminal attempts to trick someone into taking an action against their own best interests. Usually, the action results in the victim providing confidential information (like their login information) or installing malware on their computer. Most social engineering attacks have four common traits, which signal a far higher likelihood of a scam if all are present.
Long Image Description:
- Did the message arrive unexpectedly? Yes.
- Is it the first time the sender has asked you to perform the requested action? Yes.
- Does the request include a stressor, such as “You need to do this now”? Yes.
- Can performing the request harm your interest? Yes.

If you answer yes to all of them, you should go out of your way to confirm the request is legitimate. Use a trusted method like calling or texting the sender before taking any action.
Not every message with these four traits is necessarily a social engineering scam. Our email inboxes, voicemail and postal mailboxes are full of unexpected requests; that is life. But when these four traits are present, stop, look, and think before you act!
Phishing and Social Engineering
Phishing and social engineering campaigns are still a top source of ransomware and other malware[1].
Phishing is a type of cybersecurity attack where malicious actors send messages pretending to be a trusted person. Social engineering is the psychological manipulation of people into performing actions like installing malicious software, clicking a malicious link, or divulging sensitive information.
Reduce your chances of falling victim to phishing attacks!
Beware of messages that:
- Do not clearly identify themselves or their company
- Come from an email address that does not match the company’s domain
- Do not give full contact information such as the title of sender, the company’s physical address, or phone number
- Make too-good-to-be-true offers with no strings attached
- Ask you to pay an upfront fee or to transfer money for them
- Ask you to give your credit card or bank account numbers
- Ask you to send copies of personal documents

Remember: DO NOT provide any personal information, especially Social Security numbers or financial information. Legitimate companies would not ask for this information over the phone or email.
If an email looks suspicious, do not respond and do not click on any links or attachments. When available, use “Report phishing” to block other suspicious emails.
[1] 2023 Verizon Data Breach Investigations Report (DBIR)
Please send any questions or concerns to Simmons Information Security Officer, Kristen Howard, or the Technology Service Desk.
October is Cybersecurity Awareness Month
See Yourself in Cyber. #BeCyberSmart.
Even though cybersecurity may seem like a complex subject, ultimately, it’s really all about people. This month we focus on the “people” part of cybersecurity, providing information and resources to help everyone make smarter decisions whether on the job, at home, or at school.
4 Things You Can Do to #BeCyberSmart
- Enable Multi-Factor Authentication (Learn more about SharkPass/Duo at Simmons)
- Use Strong Passwords (Learn more in our Information Security Policy)
- Recognize and Report Phishing (Visit the phishing information website)
- Update Your Software (Read more about how to check for software updates on your macOS, Windows, Android, or iOS device)