Many scams arrive by email, but others arrive by SMS, phone calls or social media.
What is Social Engineering?
It is manipulating people into carrying out specific actions, or divulging information, that’s of use to an attacker.
Here are 3 types of social engineering scams:
Phishing is when you get sent an email that may appear genuine, but it is fake. It often contains a malicious link or attachment. Email is often the most well-known way of receiving phishing messages but they can also be via social media, text message or phone call. Some phishing attempts are scatter gun, but some are more sophisticated and may be targeted specifically at either you or the University.
Pretexting is the human equivalent of phishing, is when a hacker creates a false sense of trust between themselves and the end user by impersonating a co-worker, friend or a figure of authority well known to an end user in order to gain access to login information. An example of this type of scam is an email to an employee from what appears to be the Head of Department or IS Service Desk.
Baiting depends upon a victim taking the bait. It involves offering something enticing in exchange for login information or private data, the bait can come in digital form like downloading a movie or in physical form like a USB stick. Once the bait is downloaded or used malicious software is installed on your device.
Here are some tips to avoid social engineering scams:
- Do not click on links from emails or open any attachments that originated from an unknown or unexpected source, – instead, go to their websites independently and check if the information in the email is corroborated.
- Check legitimate websites for things that organisations will not do. For example, many websites will state that they will never ask you for your password or payment details via email.
- Trust your instincts – if something doesn’t feel right, consider your actions carefully and seek assistance if you’re unsure.
- If you receive an email from somebody you know that’s asking you to do something unusual involving money or passwords, try contacting them another way to confirm.
- Keep all software up to date, as this can help to protect against malware.
- Forward any suspicious emails as attachments to firstname.lastname@example.org. You can do this easily on a University PC by clicking on the ‘Report Message’ toolbar button in Outlook.
- Do not put external storage devices into your computer if you are not sure if they are safe.