Social Engineering
Social engineering is nothing new. It's psychological manipulation that taps into the human psyche by exploiting powerful emotions such as vanity, authority, fear, urgency, curiosity, or greed. Many social engineering attacks rely on people’s natural willingness to be helpful or the desire for free stuff.
Popular Types of Social Engineering Attacks
PHISHING
A seemingly legitimate email asks you to share information, click links, or download attachments that install malware. It tricks you into believing a legitimate company wants your data and threatens you for non-compliance.
SPEAR PHISHING
"Tailored" phishing. May use your full name, username, and other personal information. Crooks know that if you get an email from a friend, your bank, or a familiar company, you will likely trust it.
SOCIAL ATTACKS
Cybercriminals flock to social media for info about their victims. You may be attacked by someone who looks like a friend sending you a special deal, or your home may be in danger when you "check in" on your date or vacation.
BAITING
Happens when an attacker leaves a malware-infected physical device, such as a USB flash drive, in a place where it is sure to be found. The victim picks up the device and, out of curiosity, plugs it into his or her computer, unintentionally installing the malware.
SCAREWARE
Involves tricking you into thinking your computer is infected with a virus. The attacker then offers you a solution that will fix the bogus problem. In reality, you download and install the attacker’s malware.
RANSOMWARE
A type of malware that restricts access to the infected computer system in some way, usually by encrypting files on the system’s hard drive, and demands that the user pay a ransom to the cyber criminals to get the files decrypted.
Fend Off Psychological Attacks!
- Companies you do business with should never ask for your account information, credit card numbers, passwords, or any other personal information in an email or phone call. If you have questions about an email you receive, call the legitimate phone number from the company's website and verify the sender's information.
- Do not reveal personal or financial information in an email or phone call. This includes clicking links in an email.
- Equip your computer with anti-virus, anti-malware, and anti-exploit security programs. These will help stop malware attacks from a technical standpoint.
- Lock down privacy settings on your social media accounts. Don’t put personal information on these accounts. Make sure you’re making information available only to those you wish to have it.
- Pay attention to the URL of a website. Malicious web sites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain.
- Finally, and most importantly, use common sense. A healthy dose of skepticism goes a long way. Verify information. Contact the claimed source. Stop and think about what is being asked of you.
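
The URL advice above (a variation in spelling, or a different domain) can also be checked mechanically. The following is an added example, not part of the original page: the function names, the allowlist contents, and the two-label shortcut for finding the registered domain are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): the sites you actually do business with.
TRUSTED = {"lamar.edu", "example-bank.com"}
MAX_EDITS = 1  # spelling variations this close to a trusted name get flagged


def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_url(url, trusted=TRUSTED):
    """Return 'trusted', 'lookalike', 'unknown' or 'invalid' for a URL."""
    try:
        # Use the parsed hostname, never the text the link displays.
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:
        return "invalid"
    if not host:
        return "invalid"
    # Exact match, or a real subdomain of a trusted domain.
    if any(host == t or host.endswith("." + t) for t in trusted):
        return "trusted"
    # Simplification (assumption): the registered domain is the last two labels.
    # Production code should consult the Public Suffix List instead.
    candidate = ".".join(host.split(".")[-2:])
    cand_name = candidate.partition(".")[0]
    for t in trusted:
        if edit_distance(candidate, t) <= MAX_EDITS:      # variation in spelling
            return "lookalike"
        if cand_name == t.partition(".")[0]:              # same name, different domain
            return "lookalike"
        if host.startswith(t + ".") or f".{t}." in host:  # trusted name used as a prefix
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    for sample in ("https://www.lamar.edu/login", "https://lamarr.edu/login",
                   "https://lamar.com/", "https://lamar.edu.account-verify.example/"):
        print(sample, "->", classify_url(sample))
```

A "lookalike" result means the address resembles a trusted site without being one; "unknown" only means the site is not on the list, not that it is safe.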
Have You Been Victimized by Social Engineering?
- If you believe you might have revealed sensitive information about Lamar University, contact itsecurity@lamar.edu or servicedesk@lamar.edu. They can be alert for any suspicious or unusual activity.
- If you believe your financial accounts have been compromised, contact your financial institution immediately, and close any accounts that may be compromised. Watch for any unexplained charges to your account.
- Immediately change any passwords you might have revealed. If you use the same password for multiple accounts, make sure to change it for each account, and do not use that password in the future.
- Watch for any signs of identity theft.