Big Data in AI Toronto: Social Engineering Security Threats

Introduction

• Speakers: Mr. Jim Peggy Amsas (Author, Writer, Podcaster) and Host
• Topic: Cybersecurity and social engineering threats

Cybersecurity Landscape During COVID-19

• Initial drop in cyber attacks during early COVID-19 (Q1 2020)
• High alert organizations made physical attacks harder
• Shift to social engineering attacks

Social Engineering

• Definition: Manipulating people to give up confidential information
• Common Targets: Passwords, financial info, social security numbers
• Methods: Gaining trust to exploit personal information

Types of Social Engineering Attacks

• Email Impersonation: Appears to be from friends/trusted sources
• Distress Calls: Fake emergencies requesting personal details
• In-Person: Creates trust through personal interaction
• Phone Calls: Impersonate authorities/banks (CRA scams)
• Digital: Emails, texts, social media mining

Examples of Attack Strategies

• Phishing: Fraudulent emails seeking personal information
• Spear Phishing: Targeted phishing with specific personal info
• Vishing: Voice phishing through phone calls
• Smishing: Phishing via SMS/text messages
• Man-in-the-Middle Attacks: Intercepting public Wi-Fi communications
• Browser Attacks: Hacking via browser vulnerabilities
• Social Media Mining: Using information from social profiles

Real-World Examples

• Increase in fraud calls during COVID-19 (CRA scam calls)
• Cambridge Analytica: Misuse of data to influence elections (Books: Targeted, Weapons of Math Destruction; Documentary: The Great Hack)
• Recent Facebook scandals and data privacy concerns

Impact of Social Engineering Attacks

• Financial services highly targeted
• Significant financial loss per incident ($25,000+)
• Only a quarter of companies provide proper employee training

Protection Strategies

• Strong Passwords: Create complex, lengthy passwords; avoid simple sequences
• Be Cautious with Messages: Verify sources, look for spelling errors, avoid urgent actions, scrutinize links
• Recognize Social Engineering Signs: Requests for valuable info, secrecy, urgent action, authority
• AI in Cybersecurity: Detect deep fakes, malicious downloads, phishing emails

Final Thoughts

• Awareness: Essential across all industries
• Resources: Books, documentaries to educate oneself on cybersecurity issues
• Public Wi-Fi: Avoid sharing personal/financial info over public networks

Communication

• Contact via Twitter or other platforms for queries

Q&A

• Session for audience questions and further discussion