Social engineering attacks are on the rise in higher education. Recently, a number of colleges in the United States have been severely impacted by such attacks, which have resulted in prolonged shutdowns of entire systems and networks, as well as data inaccessibility and financial losses.
So what is social engineering? It is the clever manipulation of the natural human tendency to trust. Every day, attackers devise new ways to try to fool unsuspecting university students, staff, and faculty into divulging sensitive information and/or granting requests that compromise system access. Once a particular account or system is compromised, the attackers use that access to achieve further intrusions with the aim of gaining enough control over one or more systems to cause significant disruptions and/or demand a ransom from the victim(s).
These social engineering attacks can come in the form of an email (phishing), phone call (voice phishing or ‘vishing’), text message, social networking message, or an in-person approach. Attackers will try to manipulate the targeted individual into providing unauthorized access or revealing sensitive information.
Social engineering attacks often:
- Create a highly emotional reaction and tremendous sense of urgency that demands “immediate action” before something bad happens, such as a threat to close an account or send you to jail
- Pretend to originate from a person or group of authority
- Blend facts with fake information to create a plausible scenario
- Pressure you to bypass or ignore policies or procedures
- Create a strong sense of curiosity or offer something that is too good to be true
- Request highly sensitive information, such as your credit card number, password, or any other information that a legitimate sender should already know