April 25, 2024
Learn to navigate the cybercircus
Welcome to the cybercircus, where phishing emails perform malicious tricks, social engineers make your information disappear, and AI deep-fake videos steal the show with illusions. As technology advances further, cybercriminals have become increasingly sophisticated and difficult to detect.
In this digital landscape, it is crucial to be aware of cyberthreats as they target our data, privacy and trust.
*Click, click, click* ... They’re in!
Phishing attacks are a prevalent form of cybercrime, targeting anyone from university students to company employees and even grandparents. When phishing, perpetrators use deceptive tactics that can appear as legitimate links in messages to lure individuals into revealing sensitive information like personal data, passwords or even financial information. Many of these messages can look like job offers, urgent requests from administrators, conference invitations, bank account verification, delivery service actions, and more via emails, texts, QR codes or webpages.
Your friendly next-door neighbour?
Social engineering is a tactic that leverages human psychology to manipulate individuals into revealing personal information or performing an action.
"Using social engineering, threat actors craft phishing messages meant to instil a sense of urgency in the hopes a person will react before having time to think,” says Luigi Riscaldino, cybersecurity and privacy awareness specialist with the UCalgary Governance, Risk and Compliance team within IT. “Social engineers pull at our heartstrings and use a person's fear as motivation to gain access to personal information.”
Riscaldino says individuals can pretend to be your friend and target your compassionate side, then exploit your trust for their own gain.
For example, take your friendly next-door neighbour, Bob. Bob sends you a request on Instagram after meeting a few times in passing. His profile picture looks familiar, and you accept it without hesitation.
Over a few weeks, he engages in conversation online, sharing neighbourhood gossip and asking about your interests and hobbies. One day, he asks if you would like to join the Neighbourhood Watch group and sends a link inviting you to join. You click the link, providing your contact and credit card information and excited to be a part of the initiative. However, unbeknownst to you, the link was malicious, and “Bob” was not your real neighbour, but a cybercriminal using social engineering tactics to gain access to your information.
Hey, did you see that video of you online?
AI deep fake videos and photos can seamlessly blend faces, voices and more into convincing content. From viral videos that never happened to political speeches that raise eyebrows, deep fake content can be deceiving. Riscaldino says it can be very easy to clone someone’s voice from just a three-second clip, which in many cases can easily be found online on social media.
“Technology is getting better and better,” says Riscaldino. “We could get to a point where we would not be able to tell the difference between a real or fake video.”
Taming the cybercircus
As crazy as the cybercircus can get, there are ways to safeguard your information and data online.
“Something as simple as updating your software can save you in the long run,” says Riscaldino. He explains that, although running software updates can seem annoying to some, these efforts continuously improve your system’s security by applying security patches to fix potential vulnerabilities.
Additionally, knowing the signs of when an email or text message seems suspicious is vital. Always hover over any links in suspicious messages and never directly click on them. Verify the sender of the message, make sure you know the person it is coming from and always stop to ask yourself if something seems off.
“The greater your awareness of the signs of cyberthreats and effective responses, the safer your online experience will be,” says Riscaldino. “The only way to win against a cybercriminal is to increase your awareness of the signs of cyberthreats and always remain vigilant.”
For more details on how to safeguard your digital world and protect your personal information, visit IT’s Top 10 Cybersecurity Tips webpage for more helpful information.
Always report cybercrime and threats.
If you are a UCalgary student, faculty or staff member, log in and submit a ticket directly to the cybersecurity operations team. Report any suspicious looking emails in your Outlook inbox by using the “Report” button. For more details on how to report phishing emails, please find more information here.
Remember, most best practices against cybercrime at work can be applied at home, too.
For more information about these and other cybercrimes, visit the Calgary Police Service cybercrime website, or call the non-emergency number at 403.266.1234 to file a complaint and receive a case number.