Social Engineering is the art of manipulating people so they give up confidential information.
Criminals are usually trying to trick you into giving them your passwords or bank information or access your computer to secretly install malicious software that will give them access to your passwords and bank information.
Criminals use social engineering tactics because it is usually easier to exploit your natural inclination to trust than it is to discover ways to hack your software.
Social Engineering Tactics
Baiting: Removable media containing malicious software or hardware (USB Killer) and online ads presenting promises designed to entice users to click on malicious links.
Scareware: Involves fictitious threats, such as pop-ups that entice users to install "tools" to update drivers or scan for problems.
Pretexting: Involves impersonation, and relies on victims' tendency to trust, such as fake emails from a supervisor requesting "a quick favor"; or unexpected invoices.
Phishing: Common examples include fake notifications about exceeded email account quotas and password resets.
Spear Fishing: Requires researching specific targets to craft credible-looking messages by posing a trusted source, such as fake notifications about shared documents.
You are the best defense against becoming a target. Attackers have learned that the easiest way to get what they want is to target YOU! They want your passwords and any personal information they can get. Attackers will try to do this via phishing emails, text messages, and phone calls. These types of messaging are prime tools for social engineering attacks. Look for red flags, such as grammatical errors, typos, urgency, sender's address, etc.
It's important to remember the following about phishing attempts:
If you need to exchange confidential data
Be Careful When Sending Email
Gmail provides a handy Global Address List (GAL) that suggests recipients (auto-completes) from a list of all App State faculty, staff, and students. When you first email someone with a common name, make sure you are emailing the correct person by checking their username in our campus directory at the top of the appstate.edu homepage.