Protect yourself against personalized attacks

During this time of change and confusion, personalized cyber attacks are more common and have a greater success rate.

Here are some tips and resources to help you stay safe when working remotely:

  1.  Get familiar with the different types of social engineering.
  2.  Learn how to spot a phish! The best offence is a good defence!
  3.  Learn about the anatomy of a phish.

If you suspect a social engineering attempt, follow this checklist:

  • Resist the rush: If someone pressures you to act quickly under pressure, it is most likely an attack.
  • Recognize the ‘bag of tricks’: If something sounds suspicious or too good to be true, it probably is.
  • Think before you click: Be cautious: One wrong move could infect your device and spread it to others.
  • If you are not sure, ask: Ask your manager or your administrator if what you are being asked to do is unusual; ask through your normal methods.
  • Do not respond unless you are certain: do not provide your phone number or respond to emails. Hang up the phone if you feel threatened.
  • React quickly if you think your account / computer was compromised: change your password and contact your local IT department.

See more detail in this document.
Social Engineering Personalized Attacks Factsheet

Want to learn more about malware and its effect on the U of T community?

Here are some Security Matters articles on previous incidents that involve social engineering