Be a Human Firewall: Social Engineering

A common misconception about cyber attackers is that they only use highly advanced tools and techniques to hack into people’s computers or accounts. This is simply not true.

Cyber attackers have learned that often the easiest way to steal your information, hack your accounts, or infect your systems is to simply trick you into making a mistake by using a method called social engineering.

Social engineering is when a cyber attacker pretends to be someone or something you know or trust, such as your bank, a coworker, or a tech support company, and then uses that trust to get what they want, usually by just asking for it.

Be a Human Firewall by recognizing a social engineering attack!

Cyber attackers can launch a social engineering attack using a variety of different methods, including email, instant messaging, over the phone, or in person.

They use numerous tricks to get your attention, such as offering free downloads, announcing that you won a contest, or pretending that your computer is infected. In addition, these attacks often appear to be legitimate, such as including an official logo or a formal signature.

Their goal? To get you to share information (like your password) or take a specific action (like opening an infected email attachment).

You can help to protect yourself, your family, and our organization by recognizing social engineering attacks before they happen.

Let’s look at a common type of social engineering attack: 

You get a call from someone claiming to be from a governmental organization. The person on the phone informs you that your taxes are overdue and that you will be arrested in the next 48 hours unless you pay the outstanding amount. The caller then explains a process by which you can easily and immediately pay the amount owed over the phone and avoid going to jail.

However, this is not really someone from the government. Instead, it is a cyber attacker trying to trick you into paying them money. They do this by creating a tremendous sense of urgency and scaring you into making a mistake, such as giving them your credit card information or bank information for payment.

The simplest way to defend against social engineering attacks is to use common sense. If something seems suspicious or does not feel right, it may be an attack.

 

Some common indicators of a social engineering attack include:

  • Someone creating a tremendous sense of urgency. If you feel like you are under pressure to make a very quick decision, be suspicious.
  • Someone asking for information they should not have access to or should already know.

Now is the time to be a Human Firewall!

If you haven’t already done so, you can log on to https://humanfirewall.kaust.edu.sa and learn more by going through our eLearning courses.

You can also reach out to us to attend our monthly security awareness sessions to learn the latest tricks cyber attackers are using and how you can spot and defend against them.

The lessons you will learn will help to protect you, whether at work or at home. We want you to be a Human Firewall, and your mission starts now.


This article was developed by KAUST’s Information Security Team using material provided by SANS Security Awareness – SANS Institute 2019.

For more information, please contact us at: askinfosec@kaust.edu.sa.

KAUST IT

We make IT happen!
