By Jad Omar
UNIVERSITY CITY, SHARJAH – The American University of Sharjah’s Information Technology Security Department has announced tips at the start of Cybersecurity Awareness Month in October to help students be aware of “social engineering attacks” and keep their information and accounts safe.
IT Team Leader Reem Sobeih stressed that the university’s IT staff is constantly at work trying to protect the AUS network from threats. Her department’s advice for Cybersecurity Awareness Month includes cautions about several forms of “phishing” attacks, which are misleading communications with the goal of stealing a recipient’s information or money.
In its October email, the IT Security Department also advised AUS community members that “If you believe you are the target of a social engineering attack, stop all communication with the attacker and report the incident immediately.”
Phishing Emails
Phishing emails occur when someone sends an “infected” link that can give them access to a person’s account or personal information. It can fool a person by claiming the recipient has won a prize; that a password somewhere needs to be changed or user data updated; or that their “package is being delivered” and asking the recipient to provide further details. The links usually contain a virus. One way to spot these attempts is by making sure who sent the email, which may give a general greeting instead of using the recipient’s name.
Spear Phishing
Instead of random emails, spear phishing targets specific people. They research their victim and personalize the email, making recipients more likely to be fooled. The messenger will pretend to be a friend or co-worker. These emails usually convey a sense of urgency to pressure people to click on the link. The IT Department advises staff and students to make sure that the email is university or work related and doesn’t come from a personal account.
Vishing (phone calls)
Phone calls pretending to be someone the recipient trusts, or a well-known company, is known as vishing. People using this manipulation tactic ask for personal information without proving who they are. These attackers usually urge the recipient to “help them” with something financially. The IT Department urges staff and students to always verify who is talking to them before giving out any personal information.
SMS Phishing
SMS phishing is when someone sends misleading messages that cyber-attack the recipient’s phone by just replying to them. The IT Department advises to not reply to these messages and delete them.
