• Created by Unknown User (arichard), last updated on Mar 11, 2020 2 minute read

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

Overview

The following definition for social engineering comes from the U.S. Department of Homeland Security:

In a social engineering attack, an attacker uses human interaction (social skills) to obtain or compromise information about an organization or its computer systems. An attacker may seem unassuming and respectable, possibly claiming to be a new employee, repair person, or researcher and even offering credentials to support that identity. However, by asking questions, he or she may be able to piece together enough information to infiltrate an organization's network. If an attacker is not able to gather enough information from one source, he or she may contact another source within the same organization and rely on the information from the first source to add to his or her credibility.

Social engineering is a broad field that includes not just phishing and spamming, but also actual face-to-face interactions between hackers and their unsuspecting victims.

This page explains some of the simple things you can do to protect yourself from these types of attacks.

Tips

Be aware of anyone going through trash and other items they shouldn't be.

Our trash and other belongings may contain key details about ourselves or others.  Hackers can use the data found in these places to engage in social engineering attacks.

Do not open doors to others when those doors are typically locked.

Some hackers try to gain access to a locked building by waiting for someone else to enter the building, and then follow behind them.

Anyone who is entering a locked building or room need to provide the necessary key, key fob, or ID card.

Do not plug in unknown USB devices into your machine.

See What to do if you find a lost USB flash drive for additional details.

Limit what information you share and post on your social media profiles.

Users have to answer security questions when they reset their passwords.  The answers to many of these questions can be found on your social media profiles, depending on how much information you divulge.

Also, hackers may use your social media profiles to attempt to impersonate you over the phone or in an email, to gain access to areas they shouldn't be.

Verify who people are before you share information.

When you get a call and someone asks you for information, feel free to 1) politely end the call, 2) 



ITS Help Desk

(850) 474-2075
helpdesk@uwf.edu

On this page

  • No labels