This month, University Technology’s ([U]Tech) Information Security Office is marking Data Privacy Month by sharing information to help Case Western Reserve University community members keep their information private and secure.
The focus this week is on shielding against social engineering attacks. Social engineering is the use of deception to manipulate users into giving up their confidential information. This category of cyberthreats includes phishing attempts.
The following five pointers are courtesy of the SANS Institute:
1. Resist the Rush
Social engineers often create a tremendous sense of urgency, such as telling you there is a tight deadline, to trick you into making a mistake. If someone pressures you to bypass or ignore our policies, it is most likely an attack.
2. Recognize the 'Bag of Tricks'
Social engineers use emotions, such as fear, intimidation, curiosity, or excitement, to get you to do what they want. If something sounds suspicious or too good to be true, it probably is.
3. Think Before You Click
Social engineers want you to carelessly click on links and not think twice before opening attachments. Be cautious: one wrong move could infect your device and spread it to others.
4. Don't Just Download It or Plug It In
Social engineers count on you to download unapproved software or plug-in infected USB drives or external devices. Only use authorized hardware and software. If you are not sure if something is authorized, just ask.
5. Ask Questions, and If It Feels Odd or Suspicious, Contact Security
If you think you are experiencing a social engineering attack, hang up the phone (or do not respond to the email), and contact the [U]Tech Service Desk (firstname.lastname@example.org, 216.368.HELP (4357) or case.edu/utech/help)or Information Security Office right away.
Visit the [U]Tech’s Information Security Office website for more security tips and the latest news.