published 3 July
Social Engineering – the art of manipulating people into performing actions or divulging confidential information
There are many forms of social engineering, so please be on your guard. It is very easy to respond to requests for information without giving them a second thought, but people may maliciously attempt to collect personal or sensitive information from you, or relieve you of your IT equipment. Points to note include:
- Phishing: Ensure that you never respond to an e-mail that appears to come from a bank, or credit card or loan company requesting “verification” of information and warning of dire consequences if not provided. Phishing e-mails usually contain a link to a fraudulent web page that seems legitimate and may request anything from your home address to PIN numbers.
- You may also receive unsolicited telephone calls, known as phone phishing or “vishing” which will ask you for information directly or ask you to phone a number to verify information.
- Tailgating: Does that person you’ve held the door open for really work in that restricted area?
- Impersonation: Does the person who has just walked away with your IT equipment for fixing really work in IT?
Just a moment questioning may save you expense and embarrassment. If you would like to discuss your IT security queries then contact the University IT Security Officer at itso@shu.ac.uk.