Skip to body

Campus Notices

Avoiding Social Engineering and Phishing Attacks

Notice Type: 
Notices

Image result for pretexting sans

Q: What is a social engineering attack?

A: In a social engineering attack, an attacker uses human interaction (social skills) to obtain or compromise information about an organization or its computer systems.

Q: What is a phishing attack?

A: Phishing is a form of social engineering. Phishing attacks use email or malicious websites to solicit personal information by posing as a trustworthy organization.

Q: How do you avoid being a victim?

  •             Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.
  •             Do not reveal personal or financial information in email, and do not respond to email solicitations for this information. This includes following links sent in email.
  •             Pay attention to the Uniform Resource Locator (URL) of a website. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net).
  •             If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a website connected to the request; instead, check previous statements for contact information. Information about known phishing attacks is also available online from groups such as the Anti-Phishing Working Group.
  •            Install and maintain anti-virus software, firewalls, and email filters to reduce some of this traffic.

Source: https://www.us-cert.gov/ncas/tips/ST04-014

 Brought to you by Information Security Services

 

 

 

 

 

Take the Next Step to Becoming a Wildcat.

Admissions@cwu.edu