Another tip in a series provided by the
Offices of Information Systems & Computing
and Audit, Compliance & Privacy.
We often hear about “phishing” attacks in the news, or in University security alerts. These attacks frequently use email messages to fool recipients into installing malicious applications (malware) or visiting fake websites by getting people to click links within, or open attachments to, deceptive emails.
Phishing emails are just one of several social engineering techniques used by cyber attackers and criminals to exploit people’s inclination to trust. Other social engineering techniques to watch out for include:
Phone scam—A phone call requesting an individual to verify their bank account and/or PIN, or a username and password. The caller may provide partial information to gain the individual’s trust. When receiving such a call, refrain from providing sensitive information. Instead, call the entity’s officially published number to verify the legitimacy of the call.
USB flash drive—An infected USB flash drive is left in a place easily found by others. The victim inserts this flash drive in their computer, which results in the installation of malware. If you find a USB drive on a counter or the floor, hand it over to your computing Local Support Provider (LSP).
Scareware—This technique involves convincing the victim into thinking their computer is infected with malware or other issues. The victim is lured to “fix” the issue by clicking on a pop-up window button or on a webpage link. Malware is then installed once the victim clicks on the button or the link.
Impersonation—A criminal pretending to be a technician asking for a username and password to access an individual’s computer. Instead, your LSP will often have their own account to access computers they support. If you have any doubts about a person’s identity, ask for their PennCard or contact your local computing organization to ensure the person is your LSP.
To learn more about how to protect yourself, see:
For additional tips, see the One Step Ahead link on the Information Security website.