Over the past two years, Information Technology Services (ITS) and the information security and enterprise architecture (ISEA) team have held a variety of outreach events to educate the University of Toronto audience about information security. This opportunity to connect with the community one-on-one and in-person is key and often results in event attendees sharing their own information security-related experiences and questions.
While hosting pop-up booths we heard from many students who were victims of social media fraud. One student told us her face was photoshopped to another woman’s body and used as a profile picture on an active Twitter account. Even though the account was taken down after she reported the incident, the student was left wondering who had done this and why they would want to steal her image in this way. In instances like this, do not hesitate to report the incident or user to the social media platform — you have a right to your image and identity. To learn more about safe social media practices, visit our resources page.
In one of our recent panel discussions, a senior systems administrator shared how he fell victim to a phishing scam. He described to the group that normally he would check the sender’s email address before replying to or engaging with any unusual emails. Unfortunately, in this case, he was using an unfamiliar iteration of Outlook (the Android app) and he wasn’t able to easily check the sender’s address. Without thinking, he clicked a link in an email and entered his credentials on the corresponding landing page. He quickly realized his error and acted fast to change his UTORid password.
After hearing so many stories of fraud, phishing attempts, compromised credit cards and more, it’s clear that a listening ear is still the best way to get people to open up about their experiences with information security.
We’d like to hear from you, if you have an information security story you would like to share please contact us at firstname.lastname@example.org.