Surge in Social Engineering Attempts Targeting Universities
Thursday, August 1, 2024
Colleges and universities have recently reported a rise in social engineering attacks targeting users. Cybercriminals are employing increasingly sophisticated manipulation techniques to compromise sensitive information and systems. Understanding the common tactics and signs of these attacks is the best defense and is crucial for keeping yourself and our University’s information and networks safe and secure.
Understanding Social Engineering
Social engineering involves manipulating individuals through direct human interaction to obtain sensitive information about a person or organization. The most common tactics used by attackers include:
- Phishing: Cybercriminals send emails that appear to come from trusted sources, aiming to trick individuals into sharing personal information.
- Vishing: Similar to phishing but conducted over the phone. Attackers use techniques like phone spoofing to elicit information or influence actions.
- Impersonation: Attackers pretend to be someone else, such as a colleague or authority figure, to gain access to sensitive information or systems.
Recognizing the Signs of an Attack
Social engineering attacks can be identified by certain tactics and signs. Be on the lookout for these red flags:
- Requests for Valuable Information: If someone asks for money, bank account details, personal information, or access to your devices, be cautious.
- Secrecy and Privacy: Attackers often ask to move conversations to personal email accounts, like Gmail or Hotmail, to avoid detection by the University’s official channels.
- Urgency and Pressure: Cybercriminals may create a sense of urgency, rushing you to make decisions before you can fully assess the situation.
- Authority Figures: Attackers may pose as university administrators, faculty members or law enforcement officers to exploit your trust in authority.
Example of Recent Attempts
Recently, there have been reports of bad actors reaching out to help desks outside regular hours, attempting to convince staff to make unauthorized changes to user accounts. This tactic is part of their effort to exploit institutional vulnerabilities by catching employees off guard when oversight might be reduced.
Protecting Yourself and the University
If you receive any suspicious requests or communications, do not respond or provide any information. Instead, utilize the Report Phishing button in Outlook or call the Technology Service Desk to report the incident to IT Security. Taking these actions is crucial to preventing attempts that may compromise both you and the entire Seton Hall community.
For more information, check out a printable infographic on five ways to spot a phishing email, and visit www.shu.edu/technology/phishing-scams.