October is National Cyber Security Awareness Month – Brush up on your social engineering knowledge!
CISA’s theme this year is “See Yourself in Cyber,” but half of their content was covered last year, when I shared info about passphrases, MFA, phishing, and how to choose a passphrase manager. This year, we’ve seen more vishing, smishing and phishing than ever, some of it quite effective and dangerous. Therefore, we’ll be exploring the various ways that malicious actors can conduct social engineering against us, how to spot these attempts, and what to do about them.
Before we delve into those topics, however, some quick housekeeping is in order. National Cyber Security Awareness Month (NCSAM) was started in 2004 by the Department of Homeland Security as a way to raise public awareness of information security risks. Since then, the need for this has only increased along with our reliance of technology, and that’s why we participate in it each year.
So what is “Social Engineering” anyway? It’s a fancy term for tricking people. Social engineering may involve emails, texts or phone calls, but it can also be done in person, in broad daylight. The common feature is that the attacker attempts to trick the victim into doing something that they normally would not. That’s also the dividing line between “spam” and “phishing”. Spam is simply unwanted, unsolicited email. Phishing attempts to get you to do something, click a link, call a number, or text someone some info. That means the best defense for all of these attacks is usually trust your gut and obey the rules. There’s a specific need to be aware of hurricane-related scams considering current events.
Over the next three weeks I’ll cover more about these types of threats, and the specifics of how to detect them and protect yourself. In the meantime, please consider this month an open “Ask Me Anything” (AMA) period. If you have a cyber security question or concern, email me with the subject “NCSAM AMA” and I’ll answer your question (if possible/as best I can).
Have a safe, secure and happy October!