Cybersecurity Awareness

Stay vigilant against social engineering

As we celebrate Cybersecurity Awareness Month, let us always remember that social engineers are adept at manipulating human behavior to gain access to sensitive information or systems, making it crucial for everyone to be vigilant and proactive in detecting and defending against them.

Phishing, vishing, smishing, and quishing are different tactics that social engineers will use to trick people into sharing sensitive information.

Outsmarting the Social Engineers

There are many ways to protect yourself from the social engineering advances of cybercriminals. Be mindful of these methods.

Phishing
  • Think before you click. Do not engage with suspicious emails by clicking on any links or providing any personal or confidential information to the sender. They might contain malware or direct you to credential phishing sites that will attempt to steal your passwords or financial information or install malware on your system or device.
  • For suspicious emails, verify the sender’s identity by calling a known or official number of the sender before taking any action.
Vishing (Voice-Call Phishing)
  • Avoid, where possible, answering calls from unknown numbers as caller IDs can be faked.
  • Always verify the caller’s identity by using a known or official number to confirm the legitimacy of the call.
  • Never share sensitive information over the phone, regardless of where the caller claims to work or even if they know some personal information already.
Smishing (SMS Phishing)
  • If you get a text request to complete a bank transaction, always verify with your bank by giving them a call directly via the number provided on the bank’s official website.
Quishing (QR Phishing)
  • Be aware of scanning QR codes from unknown sources.
  • Treat every QR code as potentially malicious and avoid scanning them.
  • Malicious QR codes are often hidden within attachments such as PDF files to avoid detection.
  • Cybercriminals use QR codes to redirect their targets to malicious websites or prompt them to download harmful content.