Social Engineering: Be in the Know

Published: 12/17/18
ITS Communications

Social engineering is a kind of psychological manipulation that hackers use to trick you into providing them with personal information that can break your security barrier. It can happen ANYWHERE: in person, by email or by text message, and/or on the web or over the phone. Be on the lookout for when someone YOU DON’T KNOW:

• Asks you for information they’re not authorized to access.

• Uses pressure (emotion, threats, fears, rushing, etc.) to get what they want.

• Uses tactics like technical jargon, confusing terms, grandiose offers, etc. to get you to respond.

• Asks you to bypass or ignore standard security policies and procedures.

• Pretends to be someone you know (hint: listen for an unfamiliar tone).

Recently, international students have received phone calls from people pretending to represent the Department of Homeland Security. They have been threatening students with deportation unless they pay large sums of money. It’s a typical pressure tactic: pay up or get kicked out. Through social engineering, these hackers have gotten students’ email/home addresses, passport numbers, birthdates and full names.

Plan ahead by going to http://binghamton.edu/its/phishing and review how you can avoid social engineering issues. Make sure you have the

What types of social engineering attacks are there? Phishing, spear phishing, vishing, smishing, mining social media… there’s quite a list. Make sure to visit binghamton.edu/its and this page to find out more: http://bit.ly/typesofsocialengineering. Do your own research to find out more. USE CAUTION with all contacts. NEVER give out any information about you via phone, text, email, social media... without double checking the resource FIRST.

What should YOU do if you think you’re being hacked?

If someone calls you and asks for personal information, you should IMMEDIATELY be suspicious, especially if they claim to work for a U.S. government agency. Ask for the person’s full name, the name of the agency they work for and a telephone number to call them back. They’ll probably say your only option is to take action now. DO NOT believe them. You should NEVER release personal information over the phone.

Use a password manager. Password managers are programs that keep track of your passwords to your online accounts. The main benefit is that they can generate completely random, cryptic passwords that you don’t even need to remember. When you sign into an online account, the manager will enter your password for you. In order to gain entry to this “password vault,” a master password is needed to provide access to all of its contents. This might seem counterintuitive, but rest assured, any other practical alternatives are MUCH worse.

It’s better to be safe than sorry. If you think you’re getting hacked or have any further questions/concerns first go to go to http://binghamton.edu/its/phishing, then contact the Help Desk and security@binghamton.edu right away. We can only help you remain secure if you take measures to help yourself.