You are here
Be More Cyber-Savvy When It Comes to Protecting Personal Information Online
Social engineering. No, it is not a brand-new course offered at UNLV. It is actually a hot topic among cyber security professionals. Just ask Sean Toomey. The university’s information security analyst says he is seeing an increase in criminals using this new wave of online scams.
“Individuals are more savvy to recognizing a phishing threat,” Toomey said. “Which means criminals are getting better at disguising these attempts.”
According to the U.S. Department of Homeland Security website, a social engineering attack is when a criminal interacts with someone online to obtain or compromise personal, company, or computer system information. Hackers may be unassuming and friendly - posing as a new employee or researcher - however they ask questions to make a connection with individuals, allowing them to divulge sensitive and confidential information.
Phishing, including fake emails, websites, or customer service calls, are a type of social engineering. Instead of cold contacting a person with generic phishing attempts, criminals are now using social media to gather personal data about a potential victim for use in a phishing scam.
“They use information people make publicly available on social media - things like photos, interests, or status - to design phishing attacks that are more personalized and believable,” continued Toomey. “This increases the likelihood of criminals gaining personal information to commit such crimes as identity theft, fraud, harassment.”
Based on the 2018 Data Breach Investigations Report compiled by Verizon, more than 53,000 real-world incidents took place last year, with over 2,200 reported as confirmed data breaches, occurring in 65 countries. The document shows that different industries face a different mix of cyber threats, including social engineering-based attacks.
Criminals are targeting those who are not prepared, and Toomey cautions everyone about oversharing their personal information online. “It is important for everyone to be vigilant and take the necessary steps to secure their technology, data, and personal information.”
So what can the UNLV students, faculty, and staff do in to strengthen their cyber resilience, especially on social media? Individuals need to be cyber-savvy throughout the year. But because October is National Cyber Security Awareness Month, it is also a great time for the UNLV community to take stock of their online security measures. Here are a few things students, faculty, and staff can do to guard against cyber attacks.
Social media best practices:
- Think before you post.
- What you say matters. Think before you click. Approve friend requests with caution.
- Configure your security preferences and check them periodically.
Phishing best practices:
- Never give out or enter sensitive or personal information unless you initiated the contact.
- Look for obvious signs of phishing, but do not rely on them.
- Think before you click. If something sounds unusual, do not click on it.
- Find an official phone number or website to contact the legitimate company or person to follow up on the message.
Sensitive data best practices:
- Store data on protected equipment.
- Never store sensitive data on laptops or mobile devices, including USB and external hard drives.
- Never send sensitive or personal information by email.
- Only keep as much sensitive data as you are obligated to keep.
The university’s Information Security Office is dedicated to fostering a strong security culture at UNLV. It provides students, faculty, and staff with the tools to best protect themselves from social engineering attacks or other cyber threats. For those who are interested, more information is available at it.unlv.edu/smart-computing.