October is National Cybersecurity Awareness Month. So each week of this month, University Technology’s ([U]Tech) Information Security Office will deliver tips, links, articles and more to help keep you cyber-secure.
From the recent Equifax data breach to increased incidents of phishing attacks, cybercrime is on the rise and it can affect anyone at Case Western Reserve University.
Each week will focus on a different theme:
- Week one: social engineering/phishing attacks
- Week two: mobile device security
- Week three: personal security audit
- Week four: Duo Security two-factor authentication
Cybersecurity stats to note:
- Equifax increased the estimate of U.S. consumers potentially affected by its breach to 145.5 million people, while all existing Yahoo users—approximately 3 billion—were potentially affected by the company’s breach.
- Phishing emails, the No. 1 delivery vehicle for malware and ransomware, have a 30 percent open rate—despite nearly 80 percent of people stating one could not fool them.
Week 1: social engineering/phishing attacks
Social engineering occurs when a cyberthief entices you to share your login credentials, bank account or credit card info, social security number or other confidential data, or otherwise perform an action to subvert your security/personal information. Phishing scams are probably the best-known kind of social engineering attack.
Phishing attacks are on the rise. They are the No. 1 delivery system for malware and ransomware, most often in attachments or screen pop-ups.
Commonly seen attacks include:
- Fake invoices
- Fake package delivery notices
- A spoof of CWRU Single Sign-On log-ins
- Hoax sites
- Job scams
[U]Tech’s Information Security Office provides samples of representative scam emails, available to logged-in users.
Be aware that CWRU will never request confidential information through an email.
You should always sign in to the system through Single Sign-On at login.case.edu.
Learn about how common attacks look and read. Be cautious instead of too trusting. Follow your instincts when something appears suspicious, and never click on an attachment you don’t trust.
Send suspicious emails received in your university account to the [U]Tech Service Desk at email@example.com.
If you have fallen victim, take action quickly; change your password and other credentials.
To learn more about what to do against phishing, please visit the Information Security Office site.
The Federal Trade Commission offers a site individuals can review for more information on phishing protection at onguardonline.gov/phishing.