Stay Cyber-Safe: What to Know about Social Engineering and Online Security

Cybersecurity Awareness

October is Cyber Security Awareness Month!

In today’s hyper-connected world, cybercrime is everywhere—and students are just as much a target as big companies. Hackers are constantly developing new ways to trick people into giving up sensitive info or access to systems. That’s why UIC’s Cybersecurity Team is here to help you stay ahead of the threats.

Let’s break down five key topics every student should understand to protect themselves and their data.

Social engineering attacks are all about manipulation. Instead of hacking a computer, attackers try to “hack” people—getting them to click, share, or act in ways that give criminals access.

Common Types of Social Engineering Attacks

  • Phishing Emails
    Look like they’re from your bank, a professor, or even the university, but are actually fake. They often ask for passwords or try to get you to download malicious attachments.
  • Vishing (Voice Phishing)
    Phone calls pretending to be from your bank, tech support, or government agencies to steal personal info.
  • Smishing (SMS Phishing)
    Texts that look legit but link to shady websites or fake support lines.
  • In-Person Impersonation
    People posing as staff, vendors, or delivery workers trying to access restricted areas or devices.
  • Malicious USB Drops
    USB drives left lying around labeled things like “Payroll” or “Private Photos” to tempt you into plugging them in—bad idea.

When something feels off, it probably is. Here are a few red flags to look out for:

  • Unknown sender or caller?
    If you don’t recognize the person or weren’t expecting the message, be cautious.
  • Urgent tone?
    Messages that rush or scare you into acting quickly are classic tactics.
  • Strange contact details?
    Look closely at email addresses or phone numbers—tiny differences can be a big red flag.
  • Unusual attachments or links?
    If you weren’t expecting it, don’t click it.
  • Found a USB?
    Leave it where it is. Don’t plug it in—ever.

Take precautions to keep hackers at bay and keep your data safe!

  • Emails/Texts
    Double-check with the sender using a known contact method—not the one in the suspicious message.
  • Phone Calls
    Don’t give info on the spot. Hang up, find the official number, and call back.
  • In-Person Visitors
    Ask your supervisor or contact the referenced department to confirm if someone should be there.
  • USB Drives
    Never plug in found devices—malware can launch the moment it connects.
  • Use Duo 2FA
    Always use Duo two-factor authentication to protect your accounts—even if someone gets your password, they won’t get in without your second factor.
  • Create Strong Passwords
    Use long, unique passwords with a mix of letters, numbers, and symbols. Avoid using the same password across multiple accounts.

Passwords alone just don’t cut it anymore. That’s why UIC uses Duo for Multi-Factor Authentication (MFA)—an extra layer of security that helps keep your accounts safe, even if your password is stolen.

Watch Out for MFA Fatigue (a.k.a. Duo Bombing)

If you receive multiple Duo push requests that you didn’t initiate, an attacker may be trying to wear you down into approving access.

What to Do:

  • Never approve unexpected Duo requests
  • Change your password right away
  • Report the incident to security@uic.edu

Using Duo helps protect your UIC account—but it only works if you stay alert.
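
The same burst of unrequested pushes is visible from the defender's side. The sketch below is an added example, not part of the original article and not UIC's or Duo's own tooling: it flags accounts that receive several denied or timed-out pushes within a short window, and escalates when an approval follows the burst. The event tuples, usernames, threshold, and window are all constructed assumptions and do not reflect Duo's real log format.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (timestamp, user, result); not Duo's real log format.
SAMPLE_EVENTS = [
    ("2024-10-01T02:14:05", "student1", "denied"),
    ("2024-10-01T02:14:40", "student1", "timeout"),
    ("2024-10-01T02:15:10", "student1", "denied"),
    ("2024-10-01T02:15:55", "student1", "timeout"),
    ("2024-10-01T02:16:30", "student1", "approved"),
    ("2024-10-01T09:00:00", "student2", "approved"),
    ("2024-10-01T09:30:00", "student2", "timeout"),
    ("2024-10-01T13:00:00", "student2", "approved"),
]

def find_push_bursts(events, threshold=3, window=timedelta(minutes=5)):
    """Return {user: "burst" | "burst_then_approved"} for suspicious users.

    A burst is `threshold` or more pushes that were denied or timed out
    inside one sliding `window`. An approval arriving while the burst is
    still inside the window is the outcome the attacker is waiting for.
    """
    recent = defaultdict(deque)   # user -> timestamps of unapproved pushes
    findings = {}
    for ts_text, user, result in sorted(events):
        ts = datetime.fromisoformat(ts_text)
        queue = recent[user]
        # Drop unapproved pushes that have aged out of the window.
        while queue and ts - queue[0] > window:
            queue.popleft()
        if result == "approved":
            if len(queue) >= threshold:
                findings[user] = "burst_then_approved"
            queue.clear()
        else:
            queue.append(ts)
            if len(queue) >= threshold:
                findings.setdefault(user, "burst")
    return findings

if __name__ == "__main__":
    for user, verdict in find_push_bursts(SAMPLE_EVENTS).items():
        print(user, verdict)
```

A single missed push followed hours later by a normal login, like the constructed student2 events, is not flagged; only the tight cluster is.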

Passphrases > Passwords: Why Longer Is Stronger

Your password is your first defense against hackers! Short passwords are outdated and easy to crack. Try a passphrase instead: a string of random or meaningful words (15+ characters) that’s easier to remember but way harder to break.

Examples:

  • Weak password: Summer2024!
  • Strong password: PorpleP!zzaUnd3rTheMOOn

Reusing Your Email Address and Password? Think Again.

It’s common to use your email address as your username for multiple accounts—but don’t make the mistake of using the same password everywhere.

Why It’s Dangerous: If one site gets breached, attackers can try the same login info on your email and other accounts (called “credential stuffing”).

Risks of a Compromised Email Account:

  • Hackers can reset passwords to other services (like your bank)
  • They can read your private emails—or send malicious ones from your name

Protect Yourself:

  • Use unique passwords for each site
  • Turn on MFA for your email
  • Consider a password manager to stay organized

If you think you’ve been targeted or just want to learn more:

Stay smart. Stay alert. Stay secure.

The UIC Cyber Guard page is a centralized resource that highlights real examples of recent email and online scams targeting the UIC community—including phishing attempts, fake job offers, smishing, and fraudulent account alerts. It includes screenshots of actual scam messages and key hallmarks to watch for.