Our phishing trip has definitely been an eventful one. The first part of our journey saw us learning about various phishing types and how they’re carried out. We discovered that most phishing attacks follow the same method: asking you to click a link or open an attachment. In rare cases, phishing attacks can occur without you having to actually take action.
We also provided some examples of vishing attacks that you may have been privy to yourself in the past.
Yes, cyber criminals still use this tactic to access your information.
Whenever you get a request to share your personal information, ask yourself the following:
- Why do they need this information from me?
- How are they going to use it?
- Shouldn’t they already have my relevant information on their systems?
- Does this sound too good to be true?
If any request seems untoward, don’t take action and don’t reply. Instead, report it to the organisation that is allegedly asking for the information. If the requester is supposedly from UCT, report it the IT Helpdesk for the necessary investigations to be conducted.
A reminder of tips to consider:
- Don't ever reply to emails, messages, or calls that request personal information – especially usernames and passwords.
- NEVER share your password or PIN with anyone – not even an ICTS representative, nor representatives of your bank, mobile network, or other service providers.
- Ensure that your passwords are complex by using a phrase, different languages or numbers, and symbols in place of letters.
- Ensure your anti-virus, operating system, and software applications are always up to date.
- Don’t open attachments unless you can verify the sender and the nature of the attachment.
- Don't open emails of unknown origin.
- Don't click on links in emails if you cannot recognise where the link directs you.
- Re-check links before clicking Search.
- Don't reply to spammers asking them to remove you from their mailing list. Replying just confirms your email address as valid, which encourages them to send you more spam.
- Please check the announcements on the ICTS and CSIRT websites for the latest alerts. If your suspicious message differs to the one in the announcement, please report it to the IT Helpdesk at firstname.lastname@example.org. You can report any other cybersecurity issues to the CSIRT at email@example.com.
If something feels phishy, trust your gut and ignore the message or action.
Cool phishing videos that educates with a sense of humour:
- Locally-produced free phishing videos: https://popcorntraining.com/
- No phishing: https://www.youtube.com/watch?v=pgRc8w44XFE
- Keep it private: https://www.youtube.com/watch?v=EuPmIEH8zLg
- Socially cautious: https://www.youtube.com/watch?v=eN4Lc-MtUp0
- Under no pretext: https://www.youtube.com/watch?v=Lk2xHluNcwc
- Powerful passwords: https://www.youtube.com/watch?v=IhlXtBNNuKs
The next part of our journey saw us revisit some of the cyberattacks that took place during the COVID-19 pandemic, which made remote working necessary. Cybercriminals got super creative in exploiting the new normal, playing on people’s emotions to create further panic in an already confusing time.
Some of their tactics included:
- Creating fake websites to capture people’s details or diverting them to fake websites
- Sending an influx of warning emails to entice people to read more .
- Creating fake campaigns to get individuals to donate money. The money went to criminals’ pockets instead of people in need.
And even though the world is slowly getting back on its feet, cybercriminals are continuing with their attacks. That’s why it’s up to each of us to know how they operate and to do what we can to foil these attacks.
- To access your information, cybercriminals need your usernames and passwords. DON’T SHARE THESE WITH ANYONE.
- Never re-use your password for multiple accounts. If one is breached, all of them become vulnerable.
- Opt for multi-factor authentication as an added layer of security. This means that you will first need to enter your username and password. As the second layer of protection, you will then be required to enter an OTP or code that’s sent via SMS or email to your mobile device. Another option is biometrics, such as a fingerprint scan.
- Use a reliable and trustworthy virtual private network (VPN). This gives you privacy when browsing online as it reduces the possibility of you being identified. It also encrypts your connection, which may put off cybercriminals.
Aah! Fake information. We all receive forwarded messages daily. Some are sent with good intentions – such as Word of the Day, inspirational content, or funny memes. Others are voice notes, images, or text messages containing warnings of incidents that happened elsewhere and scams that you need to be aware of. These are usually the messages that you need to be wary of – especially if you don’t know the message’s original source.
Did you know that some videos you receive could also contain malware? When you play the video, it automatically downloads the software onto your device – causing all kinds of havoc, including taking control of the device and locking you out.
Each time you get a forwarded message on social media, you need to ask yourself:
- Do I know the person who is sending this message?
- Where did they get it from?
- Are they notorious for forwarding messages?
- Does it sound too good to be true or too sensational?
- What risks am I taking in playing forwarded videos and voice notes?
- Would anyone actually benefit if I forwarded it on? Or am I just risking contributing to the spread of fake information?
By taking the time to consider your options before acting, you show awareness of the risk of passing on false or malicious content.
The key thing to remember is that you should not believe everything you read, even if it’s from family. Many people don’t realise that they are spreading fake information, but if you stop doing it, then hopefully your contacts will follow suit.
It’s a long battle, but if we all do our bit, we can make a difference.
- Check where the article originates from. Are many news sources reporting the story or just one?
- Don’t read just the headline. Read the whole article.
- Evaluate the facts such as date, time, place, and when it was published.
- Are you being open-minded, or is this article simply feeding your pre-existing belief?
- Is it an April fool’s joke?
- Check out the author. Is he/she new, or well-published?
- View the list of sources used. Check whether the so-called experts quoted are legitimate.
- Snopes: snopes.com/
- PolitiFact: politifact.com
- Fact Check: factcheck.org/
- BBC Reality Check: bbc.com/news/reality-check
- Channel 4 Fact Check: channel4.com/news/factcheck
- Reverse image search from Google: google.com/reverse-image-search