Social Engineering

Phishing is probably the most common form of social engineering we see at the University. The emails will typically contain a statement that something is going to happen to your account if you don't act now, which usually involves clicking on a link to a page where you are requested to provide your username and password and sometimes more.

Another variant of phishing is Spear Phishing, which is targeted towards a specific individual or position likely to obtain confidential information or higher level credentials.

Business Email Compromise (BEC), also known as man-in-the-email scam, is a type of a scam that utilizes social engineering to trick and scam employees and executives in a company. They will impersonate higher level management in order to make wire transfers, give credit card information, write a check, or even purchase a gift card. To learn more about this type of social engineering, please check out these articles: article 1 and article 2.

Sextortion emails include the cyber criminal threating to release compromising information or material of the recipient to their contacts. They will often include personal information include user names and passwords to further scare the victim. To learn more about this type of threat, see these articles: article 1 and article 2.

Baiting is when the attacker leaves a malware-infected physical device, such as a USB, in a place where it is sure to be found. Once the device is plugged in, the malware installs.

Tailgating is when an unauthorized individual follows an authorized individual into a secure area. This is usually for the unauthorized party to steal property or information.

When one party lies to another to gain access to privileged data, such as personal or financial data to confirm the identity of the intended recipient. Pretexting attacks are commonly used to gain both sensitive and non-sensitive information.