Social engineering attacks are interactions an attacker tailors to what’s important and relevant to you. A scammer might collect information about you from a variety of public sources like social media accounts to use those details to impersonate someone you trust, like your boss or a family member. Social engineering attacks are often leveled at employees of a target organization to gain access to its systems or at individuals to gain their sensitive information. There are 3 general types of attacks that are more and more often being combined: phishing (email), smishing (SMS), and vishing (voice).
Stop. Think. Click.
"Phishing" is a type of social engineering attack when a criminal tries to get you to reveal your username and password by email. Sometimes they may ask for even more personal information such as your address or social security number. You should always be wary of messages that ask for your personal information or messages that refer you to a web page asking for these details.
Messages or websites phishing for information might ask you to enter the following information:
- Usernames and Passwords
- Social Security number
- Bank account numbers
- PINs (Personal Identification Numbers)
- Full credit card numbers
- Your mother’s maiden name
- Your birthday
SCU IT will NEVER ask for your password in an email.
When you receive any email, try to take the following steps to protect your information:
- Stop. You don’t need to respond to this email, download any attachments, or click any links if you don’t feel comfortable doing so.
- Think. Don’t recognize the email address? Are there misspelled words? Are they asking for you to do something right away? Reach out directly to whomever is asking for the information before doing anything. Your financial and personal information is very important, and trustworthy entities want to keep them safe.
- Click. Once you’ve confirmed you’re interacting with a person you’re comfortable with, use secure sites to transfer any important information.
If you are still not sure about an email or think you have responded to a phishing message: please call the Technology Help Desk x5700 (408-554-5700) or visit the Technology Help Desk on the first floor of the Learning Commons.
For more information about social engineering attacks, please visit this CISA page.
Find some phishing examples here.