Recently there’s been a reported rise in the number of cyber incidents suspected to be the result of social engineering, a tactic which involves approaching an individual, either online or in person, and manipulating them into providing personal information that can be used to break into a computer network or assume someone’s identity.
Such schemes can be as brazen as tricking you into handing over a password or as seemingly harmless as asking what kind of software you use or the name of the person responsible for maintaining your computer network. Perpetrators may pose as coworkers, repairmen, IT staff or other outsiders with an apparently legitimate need to know such information.
To avoid becoming a victim of a social engineering attack:
- Be suspicious of unsolicited contact from individuals seeking internal organizational data or personal information.
- Do not provide personal information or passwords over email or on the phone.
- Do not provide information about your organization.
- Pay attention to website URLs that use a variation in spelling or a different domain (e.g., .com vs. .net).
- Verify a request’s authenticity by contacting the company directly.
- Install and maintain anti-virus software, firewalls, and email filters.
If you think you have been a victim of a social engineering attack:
- Report the incident immediately.
- Contact your financial institution and monitor your account activity.
- Immediately change all of your passwords.
- Report the attack to the police, and file a report with the Federal Trade Commission (http://ftc.gov) and US-CERT (http://www.us-cert.gov/).