Friday, February 3, 2023

Over 90% of cyber-attacks start with a targeted “spear-phishing” email or a phone call

That’s right: While bogus emails remain a favored tactic for scammers, phone calls also can trick people into sharing personal information or permitting access to online accounts. 

With tax season here, expect an uptick in scam attempts of all kinds. Consider these examples: 

  • You get a call from someone who claims to hold a position of authority. They ask you to make a payment or take some other action to resolve a fake personal or legal issue.  
  • You’re an IT support professional contacted by someone who claims to use a system you support. They may offer personal information about the user and start with a small request like changing a password. If that’s successful, they ask for more. 

UI security experts have noticed these kinds of attacks becoming more common. Sometimes the motive is money. Other times it’s access to university systems or data. 

Evaluate every single request for personal or work-related information. These steps can help: 

  • Be wary of identity claims: Anyone can claim to be a police officer, a colleague, or even a friend. They can fake phone numbers you may know. Stay vigilant, especially when asked for personal info, data, money, etc. 
  • Insist on calling back: If a phone caller makes a sensitive request, tell them you’ll need to call them back on their organization’s main line (look it up) or a number listed in a reliable resource like a campus directory. If they say you’re not allowed to hang up, they’re probably conning you. 
  • Follow phishing-prevention practices: Phishing emails continue to offer common gateways for bad actors—they can escalate to phone calls or other non-email communications. Follow basic anti-phishing and security practices
  • Ask for help: Whenever confronted by a potential cyber-scam, contact your local IT support, the ITS Help Desk (its-helpdesk@uiowa.edu or 319-384-4357, or the HCIS Help Desk (helpdesk-hcis@uiowa.edu or 319-356-0001) for guidance. 

Cyber-criminals are experts not just in technical weak spots, but also in human vulnerabilities. Like all con artists, they target our natural impulses.  

They understand that victims are more likely to respond if they create a sense of authority and urgency. They know that once a small request is completed, they can move on to their bigger goals. 

Use your wits and your resources to resist their ploys, protect your information and other assets, and help catch them in the act.