Social engineering is a term that describes a non-technical approach to obtaining sensitive personal information and access to technology resources. This technique often involves tricking other people into breaking normal security procedures. Often this is accomplished via phone or even in person. Social engineers rely on the fact that people are generally not aware of the value of the information they possess and are careless about protecting it. They search dumpsters for information, memorize access codes by looking over someone's shoulder (shoulder surfing) or take advantage of the natural inclination to choose passwords that are meaningful to the individual (pet names, children's names, etc.).
For example, some hackers will actually contact you via phone pretending to be someone in OIT. They will ask you to verify your information or provide your current password, pretending that there is a problem with your account. Or, in the reverse, someone may contact the Help Desk and pretend to be a faculty or staff member requesting an emergency password reset in order to gain access to the network.
What is the danger of Social Engineering?
The danger of social engineering is that an unauthorized individual would be able to gain access to valuable resources and information that are otherwise secured.
- Be suspicious of unsolicited phone calls, visits or email messages from individuals asking about internal information.
- Do not provide personal information or information about your department or organization unless you are certain of a person's authority to have the information.
- Do not reveal personal or financial information in an email or over the phone.
- Be aware of your surroundings, especially when entering your password, PIN, etc.