By Sam Horowitz, Chief Information Security Officer, and Kip Bates, Associate Chief Information Security Officer
Don’t give up your password or hard-earned money. Don't fall victim to social engineering.
This month, assure your protection by taking action during October National Cyber Security Awareness Month. When you see posters in your departments and articles in The Current, stop and take note.
The most common form of social engineering is phishing. That's when a criminal sends you an email promising something wonderful or threatening dire consequences if you don't take action. Usually, there's a sense of urgency to do something now. With any of these, you should see flashing red lights.
Look carefully at the author's email address. Is it legitimate? Consider the tone. Is it something that is in character for our workplace or from the sender? Be careful when you click links. In Gmail, hover over them. You will see the actual URL in the lower left of your window. Look carefully to determine if the website referenced is what you think it should be.
If the link says it's a UCSB website, but the link ends in something other than .edu, then it may be a phishing message. Misspellings and bad grammar are hallmarks of many phishing messages. Remember the three signs: promises, threats, and urgency.
Some of the university’s suppliers, like Anthem and Health Net, send legitimate messages to members of our community. Be sure they’re legitimate by looking for warning signs and using your critical judgment.
It's not enough to protect yourself from being a victim. You can help protect the rest of the campus community! Mark your message as phishing. In Gmail, you do this by three dots near the date. Select "Report Phishing" if you believe the message is phishing. If it's just an unwanted email that isn't trying to trick you into supplying information, you can click "Report spam." Doing so will improve Google’s ability to filter the messages before they reach other users.
Remember that social engineering messages can arrive by telephone or text message. You need to be vigilant there, too.
Share this information with our friends and family. Follow the UCSB Information Security team on Twitter, Facebook, and Instagram to get more information about protecting yourself from cyber threats. Together, we can keep our corner of the Internet a little bit safer for everyone.
Sam Horowitz, Chief Information Security Officer
Kip Bates, Associate Chief Information Security Officer
For additional information on all platforms search using these hashtags:
- Social Engineering: #seUCinfosec
- Phishing: #phishUCinfosec
- NCSAM: #ncsamUCinfosec