As we welcome thousands of new students to the University community, we thought we'd take the opportunity to highlight the importance of cyber security and provide tips on how you can help protect yourself and the University from cybercrime.
Incidences of cybercrime have increased exponentially in the UK in the last 12 months and cyber security is a hot button issue for staff and students alike.
What motivates a cybercriminal?
Cybercrime can range from low level vandalism/hacktivism to state sponsored espionage. However, the most common motivation is for financial gain through fraud. Technology presents opportunities for criminals to reach a huge pool of potential victims, without risk to themselves.
The pandemic has greatly exacerbated the situation. With many of us forced to work or study from home, there has been more reliance on technology than ever before, creating a new social normality criminals can use to their advantage.
Everyone is a target
Individuals often feel they are unlikely to be targeted by cybercriminals. However, everyone owns and has access to valuable data. This includes everything from your personal information to your research data or work related data. Even seemingly trivial information can be exploited by cybercriminals to gain trust and conduct Social Engineering attacks.
Universities have been heavily targeted in recent months, with several UK institutions having fallen victim to major ransomware attacks resulting in incalculable financial losses.
Social engineering is the practice of manipulating people so that they give up confidential information (such as school/work login credentials) or do things they shouldn’t (such as authorise a transaction). Cybercriminals use these tactics because it is usually easier to exploit a person’s instinct to trust and be polite than to try and hack software or devices.
If you have seen or read anything about cyber security, you will almost certainly have been warned about phishing. Despite the wealth of available information about phishing, it remains the most prevalent form of social engineering by far and provides the initial entry point for most major cyber-attacks.
One of the most common types of phishing email seeks to harvest login credentials for your accounts (these could be your University or personal accounts) by asking you to click a link and enter your login details into a fake web page.
Once this has been achieved, the cybercriminal can use your account for a range of nefarious activities – from using it to send more phishing, to expanding their access within an organisation and eventually triggering a major attack such as ransomware.
Cybercriminals also phish via phone calls or text messages (known as vishing/smishing respectively).
- Can you spot a phish? Try this Google quiz and find out! https://phishingquiz.withgoogle.com
Money Muling is on the rise in the UK and can drag innocent people into criminality, often without even realising it. Students and new arrivals to the country are both highly targeted groups.
A money mule is a person who transfers stolen money between different accounts, often to different countries, in an effort to hide its true source. Mules are recruited by criminals to receive money into their bank account in order to withdraw and wire it overseas – receiving a commission payment in return.
More than 90% of money mule transactions are linked to cybercrime. Mules are often recruited using fake job ads, social media ads, or direct contact via email.
If caught, money mules can face fines, community service, or prison sentences – even if they were unaware they were committing a crime.
- Read more about Money Muling: https://www.bbc.co.uk/news/business-56334862
Information Security Training for students:
The University of Aberdeen has partnered with iDEA to provide students with an engaging Information Security course.
The course consists of five modules: Cyber Security, Digital Ethics, E-Safety, Safe Online and Social Media Ethics. Each module takes a maximum of ten minutes to complete and awards students a digital badge that they can use across multiple platforms including LinkedIn.
- Be suspicious, especially of unsolicited contact.
- If you are being threatened or urged to act quickly, someone may be trying to scam you.
- Value your information. Never share personal information or University data with people you don’t know and trust.
- Beware offers of easy money. If it seems too good to be true, it probably is.
- Consider your data just as valuable as your cash.
Find out more
You’ll find more information about Cyber Security in Toolkit’s Information Security resource.
Author: Information Security Team, DDIS