What is Social Engineering?
Social engineering is simply a modern version of the age-old method of scamming. Cyber attackers have found that scamming via the internet is extremely effective. A cyber attacker may send you an email, call you, post on a social media site, or contact you via any technology device. If someone contacts you claiming to be from a computer support company and offers to assist you with your infected computer, you should be on guard. Oftentimes they will attempt to get you to buy their "security software", which is really a malicious program that will give them access to your information and infect your computer.
How do I detect/stop attacks?
Your best chance against social engineering attacks is to use common sense. If you feel uneasy in a situation like the one described above, don't communicate with the individual anymore. Hang up the phone, delete the email, terminate the internet connection if chatting online, and report the incident to the LTS Help Desk. Some common indicators are:
- The individual is creating a sense of urgency and you feel pressure to make a quick decision
- The individual is asking for information they should already know or should not have access to
- What the individual is proposing is too good to be true, like winning the lottery even though you never entered it
How do I prevent future attacks?
- Never share passwords. No organization will ever contact you and ask for your password.
- Don't share too much. The more information you make accessible online, the more a potential attacker can find out about you. The less you share, the less likely you will be attacked.
- Verify contacts. Your bank, credit card company, cell phone provider, or other organizations may call you for legitimate reasons. Ask the person for their name and extension number. You can find the company's phone number from a trusted source such as a bank statement, the back of your credit card, or the company's website (make sure to type the URL in your browser yourself), and then call the organization back.
What to do if you encounter phishing emails
If you encounter an email that you suspect is a phishing attack, you can report it to the LTS Help Desk and Google (Reporting to Google instructions). Forward the email to firstname.lastname@example.org and use the following instructions to report it through Google. If multiple users report the same email, Google is more likely to classify it as spam/phishing, which will then prevent more people from receiving it.
1. To report a phishing email, go to the suspected email and click on the drop-down arrow in the top right.
Not all phishing emails will look exactly like this. Visit the article above for more information, but in general, be wary of emails that ask for account credentials or other sensitive information.
2. In the menu that appears after clicking the arrow, click the option labeled Report phishing.
3. The following message will then appear. Click the Report Phishing Message to complete the reporting process. Once it's reported, feel free to delete the email.
The LTS Help Desk highly recommends NOT visiting any links in the email. If you have, please contact us immediately by phone at 717-815-1559 or by email at email@example.com.
Entire websites or web pages can also be dedicated to phishing attacks. When phishing emails contain links, they generally link to these kinds of websites. If you encounter a suspicious site, Google has a webform you can use to report it. Follow this link to fill out the webform as seen below.