A Social Engineering Attack is when an attacker manipulates a person into performing actions, installing malicious software, or divulging confidential information. This can be done over email (phishing), text, phone, or in person. The following are examples of common Social Engineering Attacks.
Tech support scams
An attacker calls, impersonating your workplace's tech support department or a software company, and claims to help you fix computer issues you may have. During the call, the attacker convinces you to divulge credentials, install software, or give them remote access to your computer. The attacker may then install a virus and require a fee in order to remove it.
Misplaced Flash Drive
An attacker will leave a USB flash drive somewhere, hoping someone will pick it up and plug it in. A malicious USB drive could install malware on your computer even if you don’t open any files.
If you find a USB drive on campus, do not plug it into your computer; return it to the Help Desk.
Calls from Credit Card companies (fraud alert)
An attacker calls pretending to be from your credit card company and asks if you purchased an expensive item. When you say no, the attacker asks for credit card information in order to reverse the charge.
Scareware
Scareware is web content or spyware that tricks you into thinking your computer is infected with malware or that you have downloaded illegal content. The attacker offers a solution to fix the bogus problem, but you are tricked into installing the attacker’s malware. This is often seen as a webpage pop-up like the following example:
If you believe your PC may have a virus, run a virus scan from a legitimate anti-virus vendor; do not install unknown software.
IRS phone scams
An attacker impersonates an IRS agent and tells you that you must immediately pay thousands of dollars you owe in back taxes or you will be arrested for tax fraud. They then ask for your credit card for immediate payment.
Tips for avoiding scams.