Social Engineering

Social engineering is the art of manipulating people so they give up confidential information or allow access to restricted areas. It’s the art of gaining access to buildings, systems or information by exploiting our natural inclination to trust, rather than breaking in, or using technical hacking techniques.

  • Impersonation: The practice of pretending to be another person with the goal of obtaining information or access to a person, company, or computer system.
  • Vishing: (voice or VoIP phishing) is a fraud tactic in which individuals are tricked into revealing critical financial or personal information to unauthorized entities. The difference between phishing and vishing is that the fraudster makes direct contact over the phone.
  • Phishing
  • Emergency Scams: When a con-artist poses as a friend or family member and requests money to help them out of a difficult situation. Visit the Canadian Anti-Fraud Centre for more information.

It is much easier to fool someone into reveal their password than it is to guess or crack the password. Social Engineering scammers know how to exploit your natural inclination to trust. The weakest link in the security chain is the human who accepts a person or scenario at face value. Since social engineering involves a human element, preventing these attacks can be tricky.

Many people at the university have access to things like:

  • Sensitive personal information.
  • Financial information.
  • Bank accounts.
  • Restricted areas of the university.
  • Access to the university after hours.

These things can be used by criminals for financial gain. If you are entrusted with access to anything at the university, it is critical that you ensure that anyone you deal with is in fact who they claim to be and that they have a legitimate reason to have access. Recently scammers have been making cold calls to some universities’ staff, indicating they sell equipment. After the initial call, they begin to follow up via email to try and convince the staff to review an attached equipment list. In this attachment is RansomWare. Their goal is to buddy up with individuals so you will open the attachment.

It doesn’t matter how many locks you have on your door if you simply open the door.

    • Don’t give away any of your sensitive information to a stranger. Make sure that the person you are dealing with is exactly who they claim to be.
    • Avoid social engineering schemes by only giving information to people who really have a need for the information.

If you have any question or concerns regarding Social Engineering please contact the Help Desk at x4357 or email us at itsecurity@brocku.ca

If you would like to learn more about Social Engineering or Cyber Security, visit the Cyber Security Awareness portal to register for an upcoming workshop.