PERSPECTIVES FROM THE CAMPUS

One of the strengths of Indiana is that we bring together a variety of perspectives from the plethora of areas that touch the field of cyber, especially through the colleges, universities, and other institutions of higher education throughout our state. Hence the name "Perspectives From the Campus Series”, we invite experts -- immersed in the pursuit of educating their students -- to offer their knowledge for finding solutions in cybersecurity that benefit all Hoosiers.

In the third installment of this series, David Dungan, who serves as the Executive Director at the Center for Security Services and Cyber Defense at Anderson University, discusses some of the methods cybercriminals use to try and steal your personal and financial information and he’ll share his expertise on what you need to know to stay safe, whether you’re at home, at work, at school, or you're on social media.

By David Dungan

By now, with all the advancements we’ve made with cybersecurity, you might think we’ve figured out how to keep our passwords from being hacked.

Yet, for all of the progress that’s been achieved, passwords are bypassed through the use of password-cracking​​ tools, scamming techniques, and other methods of social engineering. Too often, a cybercriminal only has to use some social skills for an unaware person to deliver the requested information effortlessly.

Social engineering attacks are difficult to circumvent due to the craftiness of modern attackers. These include tactics such as phishing, pretexting, baiting, and scareware. Let’s take a closer look at what we’re talking about, what you should look for, and some tips you can use to better protect yourself, including:

• Phishing
  • Phishing attacks target victims for personal identifying information (PII).
  • The goal is for the attacker to manipulate the victim into releasing crucial information critical to business security and personal security. This usually pertains to social media, finances, and other assets.
  • Phishing attacks usually occur through email but can also be carried out through other communication-focused platforms. Smishing, or SMS phishing,is a branch of phishing that involves the attacker disguising themself as a reputable organization through text messages.

• Pretexting
  • Pretexting is a social engineering attack where the attacker pretends to be a trusted official, family member, or friend of the victim. The attacker attempts to acquire background information on the victim to know some of their real-world connections and relationships to carry out their attack. Attackers can find this information online and on social media such as Facebook.

• Baiting
  • Baiting is an attack used to persuade targets to fall for malicious media.
  • Digital baiting refers to media sent over the internet, sent to victims, and marked as important documents or luring media files. These files are typically embedded with malware capable of harming a user’s device, as well as stealing personal information.
  • Physical baiting involves the attacker providing a storage device such as CDs or USBs to a target hoping the target connects this device to their system. This would give the attacker access to private information of the company/individual, and potentially spread the malware across the network.

• Scareware
  • Scareware is a tactic that uses fear to manipulate targets via phone calls, messaging, or online into disclosing private information, downloading hazardous material, or even visiting unsafe websites.
  • Bad actors can either convince the target to release this information or simply extract critical data through the use of malicious software should the target downloads the malware. This is a huge issue for personal and business security since the stakes are always high.

The most strategic way of combating password breaches is by staying up to date on new methods cybercriminals use. Among the organizations that promote cyber-awareness include Cybersecurity Infrastructure and Security Agency (CISA) and the National Cybersecurity Alliance. These organizations provide timely updates on new cyber threats and tech updates. There are also articles out there, with some easy-to-follow reminders to help you stay protected whenever you're online.