When asked whether people take cybersecurity seriously enough, IT expert Marcin Pulcer chuckled to say, “No.”
That’s something he hopes to change.
Pulcer, the assistant director of IT at the University of Windsor, explains that his team is constantly trying to equip the campus community and the public at large with tools and knowledge to protect themselves from potential online threats and people who want to cause harm.
“Oftentimes, these people are … their full time job is trying to swindle people on the internet,” he explained.
From email phishing attacks, to phone scams, Pulcer said people need to be very aware. They can come in the form of emails, text messages, ads, and so on.
“We’ve had very smart, very tech-savvy people get caught by these types of errors…. I don’t want to call it a human error. Just, you know, tricked,” he said.
A popular gift card scam
While the volume of attacks remains consistent, Pulcer said they’re always seeing new types of attacks.
Of late, a popular scam is one in the form of a gift card prize offer.
“The gift card scam is actually really popular,” explained Kevin Macnaughton, the team lead for security at the university.
“It was the sort of scam-de-jour of 2020, and it’s continued into 2021.”
In one example, it looks as though a company like Amazon is emailing the recipient, urging them to act quickly in order to win a $500 gift card — but as Macnaughton points out, there are clues that reveal it’s a scam.
The offer is something unexpected (like a gift card reward), it’s urgent (asks you to take action immediately), and inconsistent (unusual content).
Macnaughton points to the Amazon example where in one email, the subject line offers a $500 gift card, but in the body of the message, it’s $1,000. Furthermore, once clicking on the link (which Macnaughton warns you should never do), the “z” in Amazon is reversed which is referred to as a “look-alike fake” scam.
These inconsistencies and errors are done on purpose, he explained.
“They intentionally make mistakes because they want people who don’t pay attention to be the ones that fall for it,” he said.
“As soon as you see those three clues, you then think the message is suspicious and so you don’t click any links or any buttons in the message. All you do is delete it.”