Social Engineering
These attacks are carried out by a person who uses persuasion to prey on human weaknesses such as the need to help others or to conform. Such people use their guile to gain access, online or physically, to secure locations.
Ask Yourself
- Do you trust other people, especially those in positions of authority?
- Do you throw away important mail from financial institutions, even credit card offers, without shredding it?
- Have you ever sent someone your username/password because of an unsolicited email request?
- Have you ever clicked on an email link and given personal information?
- Do you prefer to say "yes" to requests for help?
If you answered yes to just one of these questions you could be the target of a social engineer!
Did You Know?
- Virus attacks such as the ILOVEYOU virus are social engineering attacks. People were curious about the attachment and many clicked on it, which is how the virus spread.
- No legitimate organization/business will ever solicit personal/financial information via an email or unsolicited phone call.
- Always be wary of any unsolicited emails or visits. It's one thing to contact a help desk and give them your login information (which you should change immediately after you've had their help!) but it's another thing for them to contact you.
- Don't be afraid to ask for credentials of someone who says he or she works for a company/organization.
Safeguarding from Attacks
Physical Attacks
- Don't let anyone you don't know gain access to a secure area without verifying his or her identity with a photo ID
- Keep documents with personal information locked and secured
- Shred documents that contain personal information when they are no longer needed
- If you dispose of your computer, have the hard drive professionally wiped or remove and destroy it
- If you get rid of computer media (e.g., floppies, CDs, USB thumb drives), destroy them even if you believe they won't work
- Be wary of others in labs and public computing areas to ensure that no one is stealing your information over your shoulder
- Engrave your personal computer, use anti-theft software such as LoJack, and use locks
- Secure your laptop at all times and be careful of distractions that are golden opportunities for thieves
Telephone Attacks
- If someone calls and requests personal or secure information, don't give it to them. Remember, you don't know they are who they say they are!
- If someone identifies themselves as a powerful person over the phone and requests personal or secure information, don't give it to them.
Email Attacks (Phishing)
- Don't supply personal/financial information via email (either by replying to an email or clicking a link inside the email and filling out forms)
- Don't click on links in unsolicited emails (Pharming)
- Don't click on web banners/ads and give personal information
- Don't give personal information when installing software UNLESS it is to register the product because you paid for it
- Don't use your school/professional email account for personal business. Have a second email account for your personal life
- Don't click on links or download files on Instant Messengers UNLESS you requested they be sent or downloaded.


