“The weakest link in the security chain is the human element.”
Social Engineering – a practice of deceiving an individual in order to obtain confidential information, often linked to malicious activities such as phishing, identity theft or fraud. Social engineering uses trickery for information gathering or computer system access, and in most cases the attacker never comes face-to-face with the victim. Social engineering can occur in person but is primarily carried out over the phone and online (e.g. phishing and pharming). If an attacker is not able to gather information from one source, he or she may contact another source within the same organization and rely on the information from the first source to add to his or her credibility. Social engineering attacks are often successful because they exploit the human tendency to trust and the desire to be helpful.
What should I do to protect myself from social engineering attacks?
Think before you act or release information.
Always verify an individual’s identity.
Always retain a degree of skepticism.
Challenge an individual’s credentials.
When in doubt, don’t hesitate to notify the UST-IT Department.
Security Tip IV: Social Engineering
Protect sensitive information. Verify an individual's identity and credentials.