February (2023) News from Information Security
Welcome to February! Was January just a blur for you, too? We’re well on our way into the semester and cyber attackers are back to their tricks after taking a little time for the holidays. I’m doing something different for this newsletter and I’ve invited a guest to contribute to the content. Our guest goes by the initials MW. I’m afraid the topic is well known to those of you who read this newsletter on a regular basis.
Phishing is still the number one way attackers penetrate an organization, so we can’t seem to stay away from the topic. Here is our guest contributor’s take on spotting phishing emails.
Phishing attempts are one of the most common forms of cyber attack. They rely on social engineering tactics to try and trick users into divulging their personal information or clicking malicious links. It is important to be aware of these attempts and to have the means to spot them in order to protect yourself and your organization.
First, it is important to understand what a phishing attempt is. Phishing is a type of cyber attack used to gain personal information, such as passwords, credit card numbers, or other sensitive information. It is typically done through malicious emails, text messages, or social media messages that appear to be from a legitimate source. These messages often contain links to malicious websites or attachments that contain malware.
In order to spot phishing attempts, there are a few key indicators to look out for. One of the most important is to be aware of the sender. If the email or message appears to be from a legitimate source, it is important to double check the sender’s email address or contact information. If the address is not associated with the purported sender, then it is likely a phishing attempt.
Another important indicator of a phishing attempt is the content of the email or message. If the email or message contains typos or grammatical errors, this is a red flag that it may be a scam. It is also important to look out for requests for personal information, such as passwords, credit card numbers, or other sensitive data.
It is also important to look out for any requests for money. Phishing attempts often involve asking for money or gift cards in order to “verify” an account or to receive a “refund”. If you receive such a request, be sure to verify the request with the purported sender before taking any action.
Finally, be wary of any emails or messages that contain links or attachments. It is important to scan any attachments for malicious software before opening them. If you receive an email or message with a link, it is important to hover your mouse over the link to view the full URL. If it is not a legitimate URL, then it is likely a phishing attempt.
By following these steps and being aware of the indicators of phishing attempts, you can protect yourself and your organization from these types of attacks.
MW
Now, as I said, a lot of this information is old hat to regular readers, but what is not old hat is who wrote this contribution, or more accurately, “what” wrote this. The preceding paragraphs were written not by a carbon-based life-form that goes by MW, but by Magic Write, a service provided by the graphic design website Canva. I’m not shilling for them, although we do use the site to create our monthly posters and other materials. Magic Write allows anyone to produce AI generated text about almost any topic and use it in a document, just as I did for this newsletter. I did not edit any part of the text, I simply copied and pasted it into this document. All that is required to use Magic Write is a short description of what you would like and it will output it in seconds. In this case, I put in “Write 1500 words on spotting phishing attempts”. It is only in length that the system failed to deliver. This contribution is only 395 words long, not 1500.
This technology is similar to the computer wizardry that powers ChatGPT, an AI capable of not just writing text, but programming code and designing websites. You can read more about ChatGPT at the following links, if you haven’t yet heard anything about it, which is unlikely at this point.
- https://chatgptonline.net/
- https://openai.com/blog/chatgpt/
- https://en.wikipedia.org/wiki/ChatGPT
- https://www.zdnet.com/article/what-is-chatgpt-and-why-does-it-matter-heres-everything-you-need-to-know/
Now that you know I don’t have a mystery contributor called MW, realize that I am attempting to make a completely different cybersecurity point about spotting phishing emails. We will soon no longer be able to depend on looking for poor grammar and spelling mistakes to weed out phishing emails. Cyber-criminals have and will use tools like ChatGPT to craft phishing emails. The attackers won’t even have to be able to speak or write English, as ChatGPT knows twenty different languages and can output in any of them. I highly recommend everyone brush up on the other red flags of phishing emails, which can be found on the Phishing Quick Info page right here on this site.
As soon as January is actually over (which it is not as of the time I am writing this) I will notify and announce the winner of the drawing for the desktop spinner.
All Berry students, faculty and staff have MFA enabled on their Berry account, and you should use it in the most secure way via the Microsoft Authenticator app on your smart phone. But don’t stop there! Use the Microsoft Authenticator as your second factor on any site that supports Google Authenticator. Turn MFA/2FA on everywhere you can. Yes, it will take you another few seconds to log in, but your data and account will be safer.
If I’m not covering a topic of cybersecurity you are interested in or concerned about, please let me know. I want to be your first and best resource on cybersecurity information, so let me know how I can help and inform you.
If you’re not following Berry OIT on Facebook (@BerryCollegeOIT), Twitter (@berryoit), or Instagram (@berrycollegeoit), you should be, as more information from OIT and specifically Information Security, will be provided using these outlets. If you are not into social media, you can also subscribe to get updates via email. Just use the link available in the right-hand sidebar on the current posts page.
You can always check back here for warnings about current phishing emails, confirmations of valid emails you might have a question about, and data breach notifications. There’s also the events calendar where events will be posted, like Cybersecurity Awareness Month.
Food For Thought
Last month we saw a somewhat terrifying video about robots and AI, so this month I wanted to shed some light on how these things learn, and they definitely learn, in their own way. From the same YouTuber, CGPGrey, here is how machines, or AI, learn, as best as we understand it.
Featured Image: Cropped from a Photo by Philipp Trubchenko on Unsplash
