Do You Know the Statistics?
Usually taking the form of an email, text message, social media message or phone call, phishing is a common impersonation tactic that cybercriminals use to steal your personal and financial information. Unlike social engineering, which targets a specific individual or corporation, phishing is usually done en masse: cybercriminals send thousands of messages, hoping that at least one recipient will take the bait.
Cybercriminals will impersonate corporations or other trusted institutions, such as banks or government bodies.
People You Know (friends, colleagues, employers, etc.)
Social Engineering is conducted by cyber threat "actors" who research and target specific individuals.
These actors will devise a plan to deceive or trick these specific individuals into providing personal and financial information, instead of sending generic messages to thousands of people or attacking devices directly.
What can a Social Engineer look like?
Another Trusted Source
Cyber Scams are More Common than you Think
Phishing: How is it Done?
Criminals (hackers) send out spoofed (fake) emails to thousands of random email addresses, using urgent or threatening language to trick you into responding to their requests for sensitive information.
These emails often have embedded links that will direct you to fake login pages that ask you to update your account information and/or demand your financial information.
Recorded information is then used to gain access to your account. If you use the same password in multiple locations, then multiple accounts can be compromised. The result can be fraudulent emails being sent from your account, cybercriminals gaining access to your computer files and/or your private information, and your identity being stolen.
Communications Security Establishment
Social Engineering: How is it Done?
A cybercriminal does research on search engines and social media to learn more about you or your company.
They send you a message that appears to be from a friend, a colleague, a relative, your boss or a familiar company.
They then trick you into sending sensitive information like your financial data, passwords and/or credit card numbers.
Spot the Red Flags
Watch for the following signs of scams and fraudulent messages.
They are usually followed by a request for personal information, for you to click a link or attachment, or for you to make a money transfer.
Remember: UCalgary, governing bodies and law enforcement agencies will never use messaging or emails to request sensitive information.
IT Service and Support
- IT uses spam-blocking technology that identifies and blocks 85-90% of all inbound email messages.
- The blocked messages include 99% of the spam directed at University of Calgary faculty and staff.
- Unfortunately, even with the best spam-blocking technology, some spam will get through to your inbox.
This is why it's important to educate yourself on cybersecurity best practices for staying cybersafe.
- DON'T take technical advice by phone, email or messaging from anyone claiming to be from Microsoft or Apple.
- DON'T click on links in an email claiming to bring you to a secure site.
- DON'T provide passwords, credit card numbers or any personal information in an email. Trustworthy companies and individuals will not ask for personal information via email, nor will they ask you to do something to your computer.
- DO report phishing scams. If it is an email to your ucalgary.ca account, forward the message through your junk mail tool or forward it as an attachment to firstname.lastname@example.org
- DO regularly check your bank, credit and debit card statements to ensure that all transactions are legitimate.
- DO contact the organization by using a telephone number from a credible source like an independent search or from a bill (never from the suspicious email or text).