Social engineering is the tactic of manipulating or tricking someone in order to access a computer system, or to steal personal and financial information. Its goal is to get people to make security mistakes or give away sensitive information. Attackers usually investigate the victim and gather information before attempting to gain trust. In this tip, we share some ways to help keep yourself safe from social engineering attacks.
Some social engineering ploys can be quite elaborate and may play out over a prolonged period. Examples of social engineering include:
- Phishing — email messages attempting to acquire sensitive information
- Smishing — phishing via text message
- Baiting — a kind of trap, such as a flash drive left in a conspicuous area containing malware
- Pretexting — the use of things like surveys or one-on-one conversations to gather personal or sensitive information
- Tailgating — the impersonation of a person (student, employee, delivery person, etc.) in order to gain physical access to restricted areas
Thankfully, there are some simple things you can do to help protect yourself from social engineering attacks:
- Don’t open email attachments from suspicious sources. Even if you know the sender, if the message seems suspicious, contact the person directly to confirm authenticity (via a different communication method).
- Use multi-factor authentication (MFA) wherever possible for your online accounts. For your SJSU accounts, use Duo two-factor authentication.
- Be conscious about how much personal information you share on social media. Social engineers can use information from social media to impersonate targets.
- Never plug an unknown USB device into your computer. If you find an unattended device on campus, contact the SJSU IT Service Desk and hand it over to them. Also be careful with free giveaway USB devices distributed at trade shows, events, etc.
- Be careful about opening doors for strangers or letting people follow you into a secure area (tailgating/piggybacking). If someone asks you to open a door for them or tries to follow you into an area, ask for identification to prove they are who they claim to be.
Thank you to our Information Security Team for providing this tip and helping protect our university. As always, the SJSU IT Service Desk is here to help by phone at (408) 924-1530 or online.
Vice President for Information Technology
and CIO at San José State University