Social Engineering
“The weakest link in the security chain is the human element”
Social engineering is the practice of deceiving an individual in order to obtain confidential information, and is often linked to malicious activities such as phishing, identity theft, or fraud. The term covers trickery used for information gathering or for gaining computer system access. In most cases the attacker never comes face-to-face with the victim: it can occur in person, but mostly happens over the phone and online (e.g. phishing and pharming). If an attacker is not able to gather information from one source, he or she may contact another source within the same organization and rely on the information from the first source to add to his or her credibility. Social engineering attacks are often successful because they exploit the human tendency to trust and the desire to be helpful.
What should I do to protect myself from social engineering attacks?
- Think before you act or release information
- Always verify an individual’s identity
- Always retain a degree of skepticism
- Challenge an individual’s credentials
- When in doubt, don’t hesitate to notify the UST-IT Department