Are you being socially engineered?
This information can then be used to gain unauthorized access to systems and data.
Social engineers rely on our natural human tendency to trust and be helpful. They usually research their target to gather pieces of information (e.g. date of birth, job title, etc.) that they can use to convince the victim to give out information. We share so much about ourselves online that we’re making it easier for social engineers to find out information about us.
The loss, leaks or theft of information could have a serious impact on our company, so it’s important that you know the signs of social engineering and how to avoid becoming a victim.
Common forms of social engineering
Phishing: This is the most common form and involves sending an authentic-looking email, pretending to be from someone you know or an organization you trust. You are then encouraged to click on a link. Genuine organizations would never ask you to share sensitive information in this way.
- Be suspicious if you receive an electronic message/attachment from an unusual source, containing wording that either is out of context or sounds too good to be true.
- Don’t open emails or attachments from unknown external sources as they may contain viruses.
- If you do open an attachment or respond to a suspicious email, contact Information Security via the Cyber Response line immediately.
Pretexting: This is sometimes known as the human form of phishing and is often conducted over the phone. The caller may try to bully, threaten or confuse you into disclosing information. For example: “Hi, I’m from the helpdesk. There’s a problem with your computer. I need to install some software so I’ll need your user ID and password.”
Tailgating: This is where someone follows an employee through an access control point, without presenting an access card.
- Be alert to any attempts to gain unauthorized access to our systems or premises.
- Report anything suspicious to Information Security via the helpdesk immediately.
If in doubt, don’t give it out!
- Don’t respond to requests to provide classified information or passwords.
- If you think you have been the victim of social engineering, forward the email to the Cyber Response team immediately and delete it. All matters will be dealt with confidentially.
- Never forward a suspicious email to any other party, whether inside or outside the company.
Call the Cyber Response line: 781-907-3745
Call the Cyber Response line: 0121 424 8204