Previous Article
Next Article

Cyber Attackers Are All Trick, No Treat

Print Article

By Keith Hartranft, LTS

If only they would just ring the doorbell and run. But no, cyber attackers aren’t looking for giggles, and they really don’t want candy or caramel apples either. What they want is access.

Access to network resources … Access to credit card information ... Access to a bank account or to alter a direct deposit ... Access to research information…  Access to personal information … And they know … that the best way to obtain that access … IS THROUGH YOU!

Learn About Those Tricky Disguises!
The attackers often do come however, dressed in disguises … an email that either promises fortune or threatens an action and urges you to rapidly respond …  a program download that offers a ”free” version of a normally licensed product … or someone who may even be dressed as YOU on Facebook or other social media, trying to entice your friends to open attachments and click links of their choosing. This “candy” is nothing more than a trick called Social Engineering and attackers use it very well.

Social Engineering is a manipulation tool that recognizes that the user’s decision-making is a weak point. This is because we as humans want to do the right thing – to be helpful, to be friends, to respond quickly, to be “thrifty” (or even wealthy). These impulses, and our gullibility, are what attackers exploit through Phishing, Malware, Identity Theft, and Data Loss assaults.

Surf Safely and Wear Bright Colors!
Like trick or treating, spending time on the Internet can be fun, but it also has its dark corners. Bright colors or flashlights might not help on the web, but we can shed light on cyber security issues to make you more aware. There are ways you can become a more informed information systems user.

The Lehigh University LTS Information Security Team purchased the SANS Institute Securing the Human training videos for viewing by Lehigh faculty and staff which are aimed at raising user information security awareness. The SANS Institute and its Internet Storm Center is a recognized leader and clearinghouse for training and awareness in cyber security. Each video is similar in structure in that it addresses a single topic in information security and usually runs from 2 to 5 minutes in length. Just perfect with a daily sip-o-coffee and pastry treat!

The video training modules can be accessed by faculty and staff through Lehigh’s Course Site and access can be obtained by self-enrolling through the Lehigh Portal Computin
g Tab in the Computing Security section.  The awareness topics include:

  • Safe Computing Basics such as Social Engineering Awareness, Password Protection, Phishing, and Malware
  • Data Security of Mobile Devices, Data in the Cloud,  and Use of WiFi
  • Types of Data that has Security Requirements such as: SSN’s, PII, Financial and FERPA Data  and Credit Cards
  • Security Outside the Workplace: Protecting the Home Network, Social Networking, and Protecting Your Kids Online
Learn to Look Both Ways Before You … Click!
This October marks the 10th anniversary of National Cyber Security Awareness Month, a program created as a collaborative effort by the US Department of Homeland Security and the National Cyber Security Alliance to “ensure every American has the resources they need to stay safer and more secure online.”

This year’s theme is Our Shared Responsibility, and Lehigh University and the LTS Information Security Team are participating as National Cyber Security Awareness Month Champions. This includes outreach both within the Lehigh community and to outside secondary and post-secondary students, staff, and educators; industries; and professional groups. We are reaching out through events, activities, and campaign materials distributions designed at promoting security awareness.

Anyone can get involved and make a difference this October by visiting  and learning more about specific program initiatives. The site also includes simple tips and advice sheets, videos, posters, banners, and more, all promoting the simple tagline to security of: STOP. THINK. CONNECT.

Faculty, staff and students will see these awareness promotions visible on campus this month as well. Lehigh departments can contact the LTS Security Officer through the Lehigh Portal Computing Security channel or email to arrange for specific department awareness outreach as well.

Remember to Inspect Those Goodie Bags!
So take the time to recognize the ways attackers come knocking this month. Inspect those goodie bags by learning to use virus scanning tools. Learn to NOT take candy from strangers and open strange attachments or link to strange web addresses. Learn to recognize those cyber attackers’ tricks and treat yourself and raise your security awareness! Participate in SANS Securing the Human Training, host a department security awareness event, or simply take up a network neighborhood watch and adopt STOP. THINK. CONNECT. 

HR News

Workplace Learning & Wellness Programs

View Full Calendar

Spotlight is published monthly by Human Resources. Please address any comments to Hillary Kwiatek, Spotlight Editor, Human Resources, 428 Brodhead Avenue, send email to, or call extension 85165.

Current and past issues of Spotlight can be viewed and searched at: Past Issues.