Phishing & Social Engineering: Don’t fall for a nasty guise!

In order to access the sacred artifacts, the rogue, the barbarian, and the sorcerer knew they needed to get past the guards to gain entry to the temple, but the question was how? The rogue thought about hiding in the shadows and sneaking in, but what about everyone else? The barbarian thought of just taking down the guards by force, but that would raise an alarm. Finally, the sorcerer stood up, and with a wave of his hand, changed the group’s form to make them magically appear as guards, and they simply walked in.

Social engineering occurs when someone is manipulated into allowing access to, or giving up, confidential information. A classic example is the “Nigerian Prince” email scam, where the scammer pretends to be someone in need who will gladly pay you for help. All you need to do, they claim, is transfer a few hundred dollars or allow them access to your bank account.

In phishing, a scammer tries to gather valuable data by putting out “bait” and seeing if anyone bites. A phish could be an email that appears to be from your bank asking you to log in to a site and check your account security, but the link leads to a fake site that gathers your bank login information instead. A variant of this is spear phishing, where a specific target is hit, usually someone with access to sensitive information such as an executive or HR employee.

Here are a few tips on how to protect yourself from social engineering and phishing:

  • Always make sure links are legitimate by first hovering your cursor over the URL to see where it actually goes, and if you are in doubt, contact the person or organization who appears to be sending you the information. The same goes for “Vishing” and “SMishing”, which use voice calls and SMS messaging to steal information.
  • Don’t use an untrusted device. If you find a USB stick in a parking lot, a random disc, or any other type of media storage, toss it out. It could easily be filled with malicious software that will launch itself when you plug it into your devices. The same goes for charging cables for your phone or laptop received from untrusted sources. These can also be loaded with malware.
  • Trust your security features. Many email services, anti-virus software, and even cellular providers have various types of “anti-scam” security that may warn you regarding potential scams. Take these warnings seriously and consider them carefully before taking any actions.
  • Slow down and think. Does a situation sound too good to be true? Oftentimes, social engineering relies on making a person act too quickly without time to consider their action. Scammers may pretend to be a relative or colleague in dire need, but think – is it normal for them to send out emails instead of calling? Call that colleague or relative to confirm it’s really them.

Following these tips can help keep your personal information secure!

For more information, contact security@uic.edu.
