The Importance of Personal Cybersecurity: My Experience with Social Engineering

Cybersecurity is not just a concern for businesses and IT professionals—it is an essential aspect of personal security as well. One of the key measures I take to protect myself is using ESET for endpoint protection, primarily because it supports both computers and mobile devices. Mobile security is crucial, as social engineering attacks increasingly target individuals through multiple communication channels. Having experienced a near-successful scam firsthand during my college years, I understand just how deceptive and convincing these attacks can be.

A Firsthand Encounter with Social Engineering

As a computer science major, I considered myself well-versed in cybersecurity best practices. However, even with technical knowledge, I almost fell victim to a scam that leveraged trust, urgency, and familiarity—common tactics in social engineering.

While in college, I received an email through my university-issued email account, an address I had only used for academic purposes. The email appeared to come from a reputable professor at my university, advertising an opportunity to work as a professor’s assistant. Given the legitimacy of the email address and the familiarity of the professor’s name, I did not immediately suspect anything unusual.

Upon expressing interest in the position, I was quickly given an urgent task: purchasing specific office supplies from a local Office Depot. The request seemed reasonable at first, especially considering that some employers might ask new hires to handle minor tasks as part of their responsibilities. To reassure me, they stated that I would be reimbursed once I provided the receipt.

However, things took a strange turn when I was sent a digital check for $800, an amount far exceeding the cost of the requested supplies. This immediately raised red flags. The likely intention was to have me deposit the check, use my own money to refund the overpayment, and then later discover that the check was fraudulent or linked to a stolen account. This is a common scam technique often used in digital money laundering, where scammers manipulate victims into unknowingly laundering stolen funds.

At that moment, I realized this was not a legitimate job offer but rather a well-crafted scam designed to exploit students looking for work. The fact that the attacker had gained access to my school email address meant that they likely had access to other public faculty and student records—information that could be used to further deceive victims.

The Growing Threat of Mobile-Based Attacks

Beyond email-based scams, I have also had my cell phone compromised in the past, leading to the exposure of my full legal name, phone number, and home address. With this information in the hands of cybercriminals, I have taken extra precautions to restrict access to my device using a strict allow list. This means that only approved applications and trusted sources can interact with my phone, significantly reducing the risk of further breaches.

Mobile devices are particularly vulnerable to attacks, as they serve as entry points for phishing attempts, malware, SIM-swapping attacks, and fraudulent calls. Given how integral smartphones are to daily life—including financial transactions, authentication apps, and personal communications—it is critical to treat mobile security with the same level of caution as desktop cybersecurity.

Why Personal Cybersecurity Matters

My experience highlights why cybersecurity is not just a concern for large organizations—it is a personal responsibility. Many people assume that cyber threats are limited to corporate data breaches or nation-state hacking, but in reality, individuals are frequent targets because their personal data is readily available through leaks and breaches.

To enhance personal cybersecurity, I recommend the following:

  • Use reputable endpoint protection software (such as ESET) on both computers and mobile devices.
  • Be skeptical of urgent financial requests, even if they appear to come from trusted sources.
  • Enable multi-factor authentication (MFA) on all important accounts to prevent unauthorized access.
  • Implement a strict allow list on mobile devices to limit exposure to malicious applications and unauthorized connections.
  • Monitor personal data breaches using services like Have I Been Pwned to stay informed of leaked credentials.

Cyber threats continue to evolve, and attackers are becoming increasingly sophisticated. Taking proactive security measures is essential to protecting personal information, finances, and digital identities from falling into the wrong hands.