|
In this issue... NUIT Events & Presentations NUIT Tech Talk Series: Unmasking Social Engineering. Friday, April 7, Noon to 1:00 p.m. [Register]NUIT Tech Talk Series: Spring Cleaning: Keep Your Computer in Great Shape Friday, April 14, Noon to 1 p.m. [Register]NUIT Tech Talk Series: Evaluating and Selecting a Web Hosting Service. Friday, April 28, Noon to 1:00 p.m. [Register]UNITS Third Thursday Club: Chicago and Evanston April 20, 9:30 to 10:30 a.m.UNITS Third Thursday Club: Chicago and Evanston May 18, 9:30 to 10:30 a.m.2East: Virtual Modernization — Using Modern Spellings to Search Historic Texts Wednesday, April 5, Noon to 12:45 p.m. [Register]What's New & Changing @ Northwestern Pubweb Users Find New Tools with Web Hosting Services March 2006 [more...]Create a Commercial about the NUIT MediaWorks Lab and Enter to Win an iPod March 2006 [more...] |
2006 Student Edition - Volume 2 > Security Awareness
 |
David Kovarik, Director NUIT Information & Systems Security/Compliance |
Security Awareness 
|
Social Engineering: The Always-Evolving Threat to Your Privacy
March 28, 2006"Social Engineering" might sound like a term from Poli Sci 101, but in the context of the Internet, it also describes any effort to manipulate you into giving up confidential information. These scams can put your identity or computer security at risk.
If you've heard of phishing and spoofing scams, then you already know a thing or two about social engineering — but there is good reason to learn more. Social engineering scams are always changing, from sending viruses a few years ago to more recent phishing e-mails. As soon as the public and the legal system catch on to a particular scam, social engineers find new ways to trick users.
Social engineers rely on unawareness, so your best protection is to get familiar with the warning signs of a scam, including phishing, spoofing and pharming, and keep in mind some simple do's and don'ts.
Phishing e-mail looks legitimate by using logos and colors you recognize. The "from" field may use a familiar address, and links in the message may appear to direct you to a valid Web site, but it will really send you to a spoof site. One common phishing message uses University logos and colors, and is signed from "University Administration." Luckily, many phishing e-mails are automatically caught by NUIT's E-mail Defense System.
Pharming techniques are more difficult to spot. Pharmers send e-mails containing viruses that redirect your browser to a fake Web site when you think you have gone to a legitimate site. The spoof site will request your login or account information. By first planting virus seeds, pharmers later harvest sensitive information. Learn how to protect your computer on NUIT's Spyware Treatment & Prevention Web site.
Protect Against Social Engineering
- DO have a security mindset. Always be skeptical of unfamiliar sites and links, suspicious e-mail and IM messages, and any unprompted requests for personal information.
- DO protect information. Keep your NetID password/passphrase secret and be skeptical of any requests for personal information.
- DO use IM safely. Social engineers can send scams via IM, so block IM attachments and filter traffic to only receive messages from trusted sites.
- DO browse Web sites safely. Look for "https" in the address of any site which you enter personal information. This indicates a secure connection.
- DON'T click on links directly from e-mails. Open a new browser and type the address yourself.
- DON'T reply to phishing e-mails. Never reply to phone calls, e-mail, or pop-up messages asking for personal or financial information, and be skeptical of messages from organizations you do business with.
- DON'T let security software lapse. Maintain up-to-date antivirus and anti-spyware software, and keep firewall settings active.
Learn more about social engineering and how to prevent becoming a victim of an Internet scam on the Security Awareness Tip of the Month page.
<< back
