Recognizing social engineering attacks (phishing, smishing, etc)

Summary

This article provides tips for identifying social engineering attacks and what to do to avoid falling for a scam.

Body

Social engineering attacks are designed to obtain sensitive information through deceptive tactics. These tactics usually create a sense of urgency, impersonate an authority figure, or mimic a legitimate or expected practice, such as a notice to reset your password. Information targeted in these attacks could be user name and password, account information, social security number, etc. Social engineering is also used to deploy malware and spyware on the device.

EMAIL PHISHING

  • Example: You receive an unexpected email from what you think is your bank or perhaps the accounts payable department asking you to click on a link or download an attachment to approve payment.
  • Example: An email notification states that you need to reset your password and includes a link that opens a page for you to enter your username and current password.

VISHING: Vocal or over the phone

  • Example: An unexpected call from a tech company or "tech support" asking you to access a browser or site because they detected an issue with your computer or account.

SMISHING: SMS or text message

  • Attackers use SMS messages instead of email in this instance to lure the user into clicking on a link to a malicious site, which likely downloads malicious software on the device.

OTHER types of phishing

  • POP-UPs:
    • Example: While on a website, you may see a pop-up prompting you to allow notifications, but it actually downloads malware.
    • Example: While on a website, you may see a fake CAPTCHA authentication where, instead of taking action on an image, it asks you to perform a command.

HOW TO PREVENT BEING COMPROMISED

DO NOT:

  • Click any links in the email or message
  • Open any attachments
  • Forward the email
  • Ignore suspicious activity

DO:

  • Report phishing emails via the "Report Message" button in Outlook
  • Always hover over a link to see if the address is valid or logical before clicking the link
  • Download something only when you are certain it is valid
  • Keep sensitive information like passwords or account numbers to yourself; never give it out

Details

Article ID: 1279
Created: Thu 3/6/25 10:02 AM
Modified: Tue 3/25/25 10:00 AM