Comment: Added section on Social Engineering tactics

...

Email and Messaging

Social Engineering is the art of manipulating people so they give up confidential information.

Criminals are usually trying to trick you into giving them your passwords or bank information, or to gain access to your computer so they can secretly install malicious software that will give them access to your passwords and bank information.

Criminals use social engineering tactics because it is usually easier to exploit your natural inclination to trust than it is to discover ways to hack your software.

Social Engineering Tactics

Baiting: Removable media containing malicious software or hardware (USB Killer), and online ads whose promises are designed to entice users to click on malicious links.

Scareware: Involves fictitious threats, such as pop-ups that entice users to install "tools" to update drivers or scan for problems.

Pretexting: Involves impersonation and relies on victims' tendency to trust, such as fake emails from a supervisor requesting "a quick favor" or unexpected invoices.

Phishing: Common examples include fake notifications about exceeded email account quotas and password resets.

Spear Phishing: Requires researching specific targets to craft credible-looking messages by posing as a trusted source, such as fake notifications about shared documents.


You are the best defense against becoming a target. Attackers have learned that the easiest way to get what they want is to target YOU! They want your passwords and any personal information they can get. Attackers will try to do this via phishing emails, text messages, and phone calls. These types of messaging are prime tools for social engineering attacks. Look for red flags, such as grammatical errors, typos, urgency, the sender's address, etc.

It's important to remember the following about phishing attempts:

  • App State will never ask for your password! If a message asks you to validate, reauthenticate, or repair your computer or account, it is likely a phishing message.
  • Don't take the appearance of an email or website as a mark of legitimacy. Phishing emails can copy images, logos, and text to try to fool you.
  • The 'From' field in email messages can easily be faked. Don't assume that an email is legitimate based on the sender in the 'From' field.
  • If you receive a phishing message, send it to phish@appstate.edu for direct review.
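
For staff who review reported messages, the point about the 'From' field can be checked from the raw headers. The following is an added example, not part of the original page: the sample message is constructed, and the domains and the mail server name mx.example.edu are placeholder assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message for illustration; all names are placeholders.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.edu; spf=pass smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=example.edu
From: "IT Help Desk" <helpdesk@example.edu>
Reply-To: account-team@example.net
Subject: Urgent: validate your account

Your mailbox quota is exceeded. Reauthenticate now.
"""

def domain(header_value):
    """Return the lowercased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def from_red_flags(raw, trusted_authserv="mx.example.edu"):
    """List reasons the visible From address should not be taken at face value.

    trusted_authserv is the name our own receiving server writes into
    Authentication-Results (an assumption here). A header stamped with any
    other name may have been supplied by the sender, so it is ignored.
    """
    msg = message_from_string(raw)
    from_dom = domain(msg["From"])
    flags = []

    # Replies would go to a different domain than the one displayed.
    reply_dom = domain(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        flags.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")

    # DMARC is the check that ties the visible From domain to SPF/DKIM results.
    auth = (msg["Authentication-Results"] or "").lower()
    authserv, _, results = auth.partition(";")
    if authserv.strip() != trusted_authserv:
        flags.append("no Authentication-Results header from our own mail server")
    elif "dmarc=pass" not in results:
        flags.append(f"DMARC did not pass for From domain {from_dom}")
    return flags

if __name__ == "__main__":
    for flag in from_red_flags(SAMPLE):
        print("RED FLAG:", flag)
```

An empty result means only that these two checks passed; a message sent from a compromised legitimate account passes both, so the other red flags listed above still apply.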

If you need to exchange confidential data

Be Careful When Sending Email

Gmail provides a handy Global Address List (GAL) that suggests recipients (auto-completes) from a list of all App State faculty, staff, and students. When you first email someone with a common name, make sure you are emailing the correct person by checking their username in our campus directory at the top of the appstate.edu homepage. 

...