Three people using digital devices

Cybersecurity protects you from devious people.


 

One of the most insidious kinds of attacks are what's called “social engineering," in which a criminal deceives you into sharing details you otherwise might not. “If your information is out in public view, and if the right person aggregates that information, they can create a complete profile of you and 'spear phish' you—spear phishing being a targeted attack on you," explains Dr. Coulson.

“Ninety-one percent of data breaches come from phishing," in which criminals send groups of people bogus messages attempting to get their credentials. Often the email or text seems to come from a reputable source, like your bank or doctor, says Henry Danielson, an adjunct lecturer at Cal Poly San Luis Obispo and California Cybersecurity Institute technical advisor. “People are lured by communication, social websites, auctions. A big one right now is gaming."

Danielson says the techniq​​ues for scamming people into sharing their Social Security number, passwords and account numbers are getting more sophisticated all the time. Just last week he heard of someone approached by a fraudulent title company asking for money to be transferred. “The title company already had the routing number on the document," says Danielson. “The guy said, 'I didn't give you the routing number yet,' and the person at the title company said, 'Yes, you did, here's the email from you.' And the person said, 'That's not my email.'"

The story is a perfect example of “pretexting," a type of social engineering in which a criminal—who typically poses as a representative of an organization—lies to obtain information. “If you're ever doing any kind of banking or routing money," Danielson stresses, “it needs to be done face-to-face only."

“These students can identify how social engineering is used and share that info so people are not victims," continues Danielson. “This is a huge epidemic and we are really not taking it as seriously as we should."