A common misconception about cyber-attacks is that they use highly advanced tools to access people’s accounts or obtain sensitive information, but as we have recently learned, this is not entirely true. Spammers know all too well that the easiest way into someone’s account is through social engineering, which is an attack where the spammer tricks you into doing something you should not do.

These attacks come in all forms, and one that we have recently seen is called CEO Fraud, which most often happens at work. The cyber attacker researches the organization through online reconnaissance (think whitepages.pace.edu) to identify your boss, their manager, or other university leadership. Once they have this information, they construct an email pretending to be from this person and send it to you, including an attachment with a virus, password harvester or other malicious content that can do damage to the machine or computer network. The email most often asks you to take action such as conducting a wire transfer or emailing sensitive information such as your password. Because it appears that this is coming from a trusted source such as your boss, you comply with the request, subsequently compromising your account credentials.
- Someone creating a great sense of urgency in an email might be trying to fool you into making a mistake. Trust your instincts and report the incident.
- If they are asking for information they should already have or should not have access to, it should raise concern.
- Asking for your password confirmation in any form of communication is never done by a legitimate organization or tech support.
- Something too good to be true most often is. Emails indicating you have won something when you did not even enter should be discarded immediately.