Protect yourself. At home. At UCalgary.
Guard Against Social Engineering
Social engineering is using deception to manipulate individuals into divulging confidential of personal information that may be used for fraudulent purposes. The communication you receive will create fear (an email from your bank), joy (you have won a prize), urgency (boss asks you to purchase gift cards) or other emotions they can use to manipulate you.
- act in support of the their scheme
- provide internal/confidential information about internal processes, workflow or organizational structure
- initiate a change to data, the environment or to trigger a workflow
- bypass protection measures or preventative business, technical or financial controls
- leverage internal trust and authority rather than being scrutinized as an external entity
$$$$$ - to monetize your interaction for their own benefit.
- Do you recognize the person who has approached you online?
- Are you expecting the communication?
- Are you being asked to urgently take action or provide information without an explicit purpose?
- Is the person being elusive about verifying his/her identity?
- Verify the identity of the person on the other side of the communication
- Check for errors in the URL, email ID, user ID
- Always watch for eavesdroppers and shoulder surfers
- Verify the authenticity of the service of good being offered before accepting it
- Look out for peculiar language, generic greetings, too many spelling and grammar errors, and false information
- Know the UCalgary Electronic Communication policy
- Panic or respond to urgent requests without verifying the send details and purpose
- Click on links, download attachments or visit unknown websites without verifying the sender details
- Reveal company information in public spaces
- Ignore company guidelines and protocol
- Reveal or share information with the sender that they should not know, or should already know
Technology that can help
- Install a firewall, which may be able block malicious traffic before it enters your computer. Some operating systems include a firewall, but you need to make sure it is enabled.
- Set your web browser security level to Medium or High.
- Use virus protection software. Anti-virus software recognizes and protects your computer against most known viruses. However, attackers are continually writing new viruses, so it’s important to keep your anti-virus software up-to-date.
- Keep your computer software current. Install software patches and updates so that attackers can't take advantage of known problems or vulnerabilities, and consider allowing automatic software updates.
- Be cautious when using Peer-to-Peer software.
Common Sense you can Practice
- Change your passwords on a regular basis and make them hard to guess by using numbers and special characters; or use a pass phrase rather than a single password. This includes passwords for web sites that may have been cached in your browser.
- Don't respond to phone calls about your computer asking for remote access – hang up. Scammers will often ask you to turn on your computer to fix a problem or install a free upgrade, which is actually a virus which will give them your passwords and personal details.
- Use caution with email attachments and items requiring downloading. Verify it’s from a trusted source.
- Keep your personal details secure. Put a lock on your mailbox and shred your bills and other important documents before throwing them out. Keep your passwords and pin numbers in a safe place. Be careful about how much personal information you share on social media sites.
- Secure digital files like you would physical files. Store important files in at least two places. If you have UCalgary devices that receive automatic security updates, make sure you save files to your team SharePoint or OneDrive. At home, store extra copies of your personal records on an encrypted external hard drive, encrypted USB key or preferred cloud storage.
- Avoid using public computers or Wi-Fi hotspots to access online banking or provide personal information. At home, make certain you’ve secured your Wi-Fi by using strong encryption, a secure WPA2 password and provide a separate network for guests.
- Review your privacy and security settings on social media. If you use social networking sites, such as Facebook, be careful who you connect with and learn how to use your privacy and security settings to ensure you stay safe. If you recognise suspicious behaviour take steps to secure your account and be sure to report it.
- Be careful when shopping online. Beware of offers that seem too good to be true, and always use an online shopping service that you know and trust.
- Learn what your home assistants may record. Before you purchase a digital device, conduct research to make sure it allows you to change the settings so that the device does not collect your personal information. Also, remember to always review your account privacy settings.