Cybersecurity Tips, Tricks and FAQs

  • What is a social engineering attack?

    Social engineering is an attempt by one or more hackers to take control of your system or steal information by deceiving you into trusting them. It can happen via email, phone, social media, U.S. mail or direct contact. Examples of social engineering include phishing, spear phishing and CEO fraud.

  • What can I do about social engineering attacks?

    DO:

    • Stay aware and vigilant.
    • If you suspect you are experiencing a social engineering attack, end contact with the person and report the suspected attack to the Cybersecurity Team at [email protected].

    DO NOT:

    • Share your account ID/password with co-workers or anyone – even with IT staff.
    • Store passwords where others can find them.
    • Connect any personal IT equipment such as a flash drive, CD, DVD or external hard drive (portable media devices) to a DCH computer, laptop or state network.
    • Save sensitive/confidential data to a flash drive, CD, DVD, external hard drive or other portable device, unless it is encrypted. All DCH flash drives provided for storage of sensitive/confidential data will be issued by OIT and encrypted.
  • What are pharming, spoofing and phishing?
    • Spoofing, phishing and pharming are some of the most common malicious attacks today. All three can lead to network fraud, especially because they are disguised as ordinary emails or familiar websites.
    • A phishing attack involves a lure (email) that is sent to a prospective victim and crafted to appear authentic, as if it came from a person or organization that the victim knows or could expect to hear from. 
    • A spoofing attack is when an attacker pretends to be someone else in an effort to gain a prospective victim’s confidence, gain access to their system, steal data or spread malware. 
    • In a pharming attack, a victim is unknowingly redirected to a compromised website and tricked into giving up confidential information (for example: payment card data or passwords).
    • Most lures contain links that send the victim to a web page designed to look like it belongs to a legitimate company or organization (such as a bank, social media platform or an email log-in page).
  • What are some ways I can catch and deter phishing attacks?
    • DO NOT CLICK ON THE LINK OR REPLY TO THE SENDER.
    • Never open an email that looks suspicious or that comes from a sender unknown to you.
    • Always check for spelling errors in emails and URL links before you click.
    • Email the IT Help Desk and include the phishing or spoofing email, or the URL of the pharming site.
    • The Help Desk team will log the report so it is tracked and send it to the Cybersecurity Team for investigation.
    • The Cybersecurity Team will contact you directly with the findings and the actions to take, such as deleting the email.
    • Do not provide sensitive information. Phishing emails might ask for: usernames and passwords, including password changes, Social Security numbers, bank account numbers, PINs, etc.
    • Do not click on any unfamiliar pop-ups.
  • How do I make a report if I think I’ve been a victim?