Social Engineering is a technique used to trick an individual into giving up sensitive information that can be used in a criminal activity. Most often the targeted information is credit card and banking information, followed by social security numbers and passwords. The social engineer may use e-mails, voice messages, or even in person visits masquerading as a legitimate, trusted source.
The language used by the Social Engineer is often persuasively urgent, such as: "please enter your password before your account expires" or "we recently experienced technical problems with our computer system we need your assistance to validate your information, please enter your information on our website."
IMPORTANT: The Office of Information Technology does not request account information (such as your password) by e-mail. If you receive such a message, it is what is known as a phishing attack. This is a criminal attempt to acquire sensitive information from would be victims.
"Phishing" is a term used to describe fraudulent e-mail messages that masquerade as a bank, credit card company, or retailer asking you to provide personal data through a web page.
Never provide passwords, banking information, or personally identifiable information, based on instructions sent to you via e-mail or an unsolicited voice mail message. More information is available at www.antiphishing.org/
Spear Phishing Attacks
Spear Phishing is a targeted attack, like Phishing comes from a trusted source; however, it appears to come from someone with authority in your organization. Sophisticated groups seeking financial gain or industry specific secrets generally perpetrate spear phishing.
"Vishing" is social engineering using the telephone. A voice message is left asking you to provide credit card or bank information or other personally identifiable information. This technique takes advantage of peoples familiarity and trust in our telephone systems.
VoIP, Voice over IP, are telephones that use the Internet to transmit the call and are more easily exploited by hackers. As with other forms of social engineering, stay cautious. If in doubt, call or visit the institution requesting personally identifiable information.
Check out the following:
- How to Foil Phishing Scams - www.sciam.com/article.cfm?id=how-to-foil-phishing-scams
- Phishing and Spam IQ Quiz - www.sonicwall.com/phishing/
- Social Engineering Fundamentals - www.securityfocus.com/infocus/1527