With the start of the semester, PNW will see an increase in social engineering attempts. But what is social engineering? How can you spot it? And what can you do to protect yourself?
What is Social Engineering
Social engineers will try to take advantage of our behavior. Criminals can exploit people using various methods through the phone, online, or in person.
They typically will find directory information, org charts, or other public information online. Using this information, they will likely try to gain entry to a building or gain sensitive/confidential information.
What Does Social Engineering Look Like?
On the phone
A malicious actor may call and pretend to be the IRS, law enforcement, or a vendor. Typically, they will ask for personal information or payments. They may even say they spoke to your direct supervisor beforehand to trick you into thinking they are legitimate.
Phishing emails or messages with fraudulent links are often used as next steps. Criminals may even make their messages look like they’re coming from your coworker or supervisor.
Bad actors may ask, “Can you hold the door? I don’t have my key card with me.”. This tactic is known as tailgating, and can allow social engineers to gain access to areas they are shouldn’t have access to.
How to Protect Yourself Against Social Engineering.
- Be suspicious of emails and messages that attempt to have you click on links or make purchases. Always check that the sender information is correct.
- Be careful of what you say online. Your public information may be used against you.
- Confirm outside communication with your supervisor before giving data to vendors or external callers.
- Ask individuals for ID if you see them accessing an area that is restricted.