Social engineering is the art of using an organisation's own people against it and the Covid-19 crisis is the perfect opportunity to use social engineering techniques to compromise information systems security for nefarious purposes. This is typically achieved through ‘spoofing attacks’ in which emails and phone calls appearing to be from Government and trusted entities such as the University itself, are used to persuade people to disclose log-on credentials or download malware. The threat actors launching such attacks include criminal gangs seeking financial gain and groups working on behalf of hostile state organisations.
The United Kingdom’s National Cyber Security Centre (NCSC) and the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint advisory on the increased threat to information security resulting from the Covid-19 pandemic with advice on how to mitigate against such attacks.
As always the University’s information security website provides useful information and the GRC team can be contacted via firstname.lastname@example.org for further support.