This month, University Technology’s ([U]Tech) Information Security Office is marking Data Privacy Month by sharing information to help Case Western Reserve University community members keep their information private and secure.
The focus this week is on shielding against social engineering attacks.
Social engineering is the use of deception to manipulate users into giving up their confidential information. This category of cyber-threats includes phishing attempts.
The following five pointers are courtesy of the SANS Institute:
- Resist the rush: Social engineers often create a tremendous sense of urgency—such as telling you there is a tight deadline—to trick you into making a mistake. If someone pressures you to bypass or ignore our policies, it is most likely an attack.
- Recognize the “bag of tricks”: Social engineers use emotions—such as fear, intimidation, curiosity or excitement—to get you to do what they want. If something sounds suspicious or too good to be true, it probably is.
- Think before you click: Social engineers want you to carelessly click on links and not think twice before opening attachments. Be cautious—one wrong move could infect your device and spread it to others.
- Don’t just download it or plug it in: Social engineers count on you to download unapproved software or plug-in infected USB drives or external devices. Only use authorized hardware and software. If you are not sure if something is authorized, just ask.
- Ask questions, and if it feels odd or suspicious, contact security
If you think you are experiencing a social engineering attack, hang up the phone or do not respond to the email, and contact the [U]Tech Service Desk (email@example.com, 216.368.HELP (4357) or case.edu/utech/help) or Information Security Office right away.