Social engineering is the art of manipulating people into giving up confidential information or access to restricted areas. Their attacks can come through emails, text messages, over the phone, via social media, in person, and more. Someone launching a social engineering attack won’t ask one person for the entire information they need. Instead, they will gather a lot of seemingly harmless information from many sources and use it to look legitimate.
Anyone with a legitimate claim to information or access to machines or areas should never be upset with you when you adhere to policies and procedures. If a situation makes you feel uncomfortable, reach out to others.
While there are a number of university policies to follow, never share your password or enter your password for another person, leave your computer unlocked or unattended, allow someone entrance into buildings or rooms restricted by a key or keypad access, etc.
Someone launching a social engineering attack will often have conducted thorough research, collecting information from a number of sources to avoid suspicion, and will have fake resources created to help strengthen the attack.
For example, someone claiming to be from a credit card company or phone company may set up a fake phone number and tell you to contact the number to verify their identity. Instead of relying on information given to you by someone you don’t know, locate the company’s legitimate phone number to verify the person’s claim.