Protect yourself from cyber security threats | Mechanical and Mechatronics Engineering Information Technology

Cybersecurity word with different images related to security

Here are some ways that you can protect yourself against threats that make you vulnerable from cyber attacks:

1. Phishing

2. Weak Passwords

3. Unauthorized access to your data and device vulnerability

4. Scams

5. Spoofing

1. Phishing

What is phishing?

Phishing is the act of contacting people via telephone, email or text message while impersonating government or business officials with the intention of stealing private information and data to commit identify theft and financial theft.

Financial spear phishing threats are referred to as fin phishing. Read more about this growing threat.

How do I identify a phishing attempt?

When you receive call, email, or text message, always consider whether they are legitimate.
If anything looks suspicious, do not open attachments or reply to the message.
Suspicious email should also be forwarded as an attachment to the Security Operations Centre (SOC).

What can I do to protect myself against phishing attempts?

Use email spam filters to block out potentially harmful emails.
Think before you click on links in messages that appear to be from legitimate senders but are urging you to provide your personal or financial information.
Use an anti-virus software to help your devices detect malware and phishing attacks

2. Weak passwords

four red open locks with the writing of weak password security breach

What do I need to consider when choosing a password?

Use a complex password that uses a combination of letters, numbers, and special characters.
Avoid using information that is commonly known about you (birthday, pet's name, etc.).
Use a passphrase instead of a password.
Passphrase: a password made up of multiple words.

What is two-factor authentication?

Two-factor authentication is an extra layer of security that requires you to verify your identity using a mobile .device before allowing you to login.
Always use two-factor authentication when possible.

What are some password best practices?

Use different passwords for each account.
Manage passwords using a password manager.
Do not save passwords or enter your personal information onto non-secure websites (URLs should begin with https://).
Learn more about password standards.

3. Unauthorized access to your data and device vulnerability

unauthorize access from a unknown user to a computer

How do I keep my personal devices safe?

Install an anti-virus software on your computer to defend yourself against cyber threats.
Do not store unencrypted files containing personal information such as usernames and passwords on your computer.
Don't leave your devices unattended in public areas.
Don't access your bank or work accounts on public computers.
Make a habit of updating your software regularly. Patching commonly exploited third-party software will foil many attacks.
Don't store your admin password close by your computer.

How do I keep my personal devices safe?

Install an anti-virus software on your computer to defend yourself against cyber threats.
Do not store unencrypted files containing personal information such as usernames and passwords on your computer.
Don't leave your devices unattended in public areas.
Don't access your bank or work accounts on public computers.
Make a habit of updating your software regularly. Patching commonly exploited third-party software will foil many attacks.
Don't store your admin password close by your computer.

How do I keep my data secure?

Only use and download software authorized by the University of Waterloo.
Cloud services (Office 365, Dropbox, iCloud, Google Drive, etc.) should not be used to store sensitive information.
Learn how to secure your device - Lock it down.
Keep an up-to-date backup of your most essential data

4. Scams

Beware of upfront fees

Many scams request you to pay fees in advance of receiving goods, services, or a prize. It's illegal for a company to ask you to pay a fee upfront before they'll give you a loan.
There are no prize fees or taxes in Canada. If you won it, it's free.

Protect your computer

Watch out for urgent-looking messages that pop up while you're browsing online. Don't click on them or call the number they provide.
No legitimate company will call and claim your computer is infected with a virus.
Some websites, such as music, game, movie, and adult sites, may try to install viruses or malware without your knowledge. Watch out for emails with spelling and formatting errors, and be wary of clicking on any attachments or links. They may contain viruses or spyware.
Make sure you have anti-virus software installed and keep your operating system up to date.
Never give anyone remote access to your computer. If you are having problems with your system, bring it to a local technician.

Be careful who you share images with

Carefully consider who you're sharing explicit videos and photographs with. Don't perform any explicit acts online.
Disable your webcam or any other camera connected to the internet when you aren't using it. Hackers can get remote access and record you

Don't give out information

Don't provide or confirm any information, including:

Any account numbers
Any information about equipment in the office (e.g., make and model of the printer, etc.)
Your user name and password
Your student id
Any other sensitive data

Know who you're dealing with

Watch out for invoices using the name of legitimate companies. Scammers will use real company names like Yellow Pages to make the invoices seem authentic. Make sure you inspect invoices thoroughly before you make a payment.
Compile a list of companies your business uses to help employees/students know which contacts are real and which aren't.

Spoofing

Envelope with a thief on a ladder changing the from of the email address

Email spoofing is the creation of email messages with a forged sender address. The core email protocols do not have any mechanism for authentication, making it common for spam and phishing emails to use such spoofing to mislead or even prank the recipient about the origin of the message.

Is your email address sending spam email?

If your email recipients complain of having received spam messages from your email address, it is most likely caused because your email account has been compromised or spoofed. Similarly, if your inbox is being filled with bounce back messages from emails you do not remember sending, your account has been compromised or your address is being spoofed. Most spam messages, which have been sent or look to have been sent from your address, will generally bounce back to your actual email account due to not finding any recipient, thus filling your inbox.

Unfortunately, there is currently no perfect solution to prevent the propagation of spam and no way of preventing spammers from spoofing your email address when sending their spam, however you can follow our tips below to increase your security.

Email address being spoofed

Email spoofing is when an email's identifying fields, such as the From, Return-Path and Reply-To addresses are modified to appear to be from someone other than the actual sender. This technique can be used for legitimate reasons, however is popular among spammers. By spoofing legitimate addresses, a spammer increases their chances of a victim opening a spam email and clicking on their malicious links. If a spammer sends out emails and spoofs your email address, any spam emails which are rejected by a recipient server may bounce back to your email address.

How did they get hold of my email address?

They may have purchased your email address from a list of email addresses used by other spammers;
A trojan or virus may be currently operating on your computer. Such a device generally operates without your knowledge accessing email address books or collecting key stroke data.

The best method to prevent your email address from being spoofed is to keep your email addresses private and off of message boards and websites where it can be easily picked up and placed into a spam list.

Unfortunately, if your email address has already been spoofed, there is no simple immediate method to prevent the bounce backs from arriving into your inbox. Typically you need to wait for the recipient servers to realise they are being sent spam and to stop bouncing the emails to your legitimate email address.

Email account compromised

If your email account has been compromised, it means a spammer has obtained your email account username and password and is sending spam using your credentials. You should change your email password immediately to cut off their access and take steps to ensure your computers are secure.

Read our article on password security
Change your password
Scan your computers for malware and viruses

Once your passwords are updated and computers secure, all spam emails will cease being sent. If you've taken these steps due to receiving spam bounce back emails, these bounce backs will not stop arriving immediately. This is because the bounce backs are returning from emails which were sent prior to you updating your passwords.

The spam emails will cease bouncing back to your address within 24 hours. In the mean time, you may setup a temporary filter within your email software to automatically trash these bounce back emails to prevent them from bothering you.

Ideally you should also have an anti-virus program installed on your computer and upgrade it every time updates are available.