November 2022 Security Topic - Social Engineering

Social Engineering is the practice of manipulating people into revealing sensitive information or taking further action through social interaction. Sensitive information is any information that can be used to identify an individual or gain access to their records. Examples include first and last name, date of birth, social security number, address, phone number, and passwords. One method that a perpetrator can use to contact a victim is through email. In this case, the victim may receive an email that appears to be from someone they know. The perpetrator is able to do this by conducting research on the victim. They may look up where the victim works through a public directory and use a coworker's name in the email.


This person could ask the victim to perform an action or ask them for sensitive information, such as a phone number. The perpetrator could then use whatever information is given for malicious purposes.

Example: Say you have a coworker named John Smith, who you are friends with. One day you receive a new message in your email inbox...

From: cw123@gmail.com 
Hello. What is your cell phone number?

John Smith
<Your department>
SUNY Brockport


How to detect a social engineering email?

  • Check the sender's email address. Does it look unfamiliar? Does the name in the email match your coworker's / boss's name?
  • Do NOT click any links or provide any information. The link may be malicious. Do NOT respond to the email.
  • Confirm with the coworker/friend/etc. who is claimed to have sent the email to see if it's really them.
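
The first check above can be automated in a mail filter. The following is an added example, not part of the original article: it compares the sender address of a plain-text message against a known directory entry for the name the message claims. The directory, the example.edu domain, and the To and Subject headers of the sample are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed directory of known colleagues (hypothetical name and address).
DIRECTORY = {"john smith": "jsmith@example.edu"}
ORG_DOMAIN = "example.edu"  # assumed organization mail domain

# Constructed copy of the sample message from this article.
SAMPLE = """\
From: cw123@gmail.com
To: you@example.edu
Subject: Quick question

Hello. What is your cell phone number?

John Smith
<Your department>
SUNY Brockport
"""

def check_message(raw, directory=DIRECTORY, org_domain=ORG_DOMAIN):
    """Return a list of warnings for a raw plain-text RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    # Only single-part text bodies are inspected in this example.
    body = "" if msg.is_multipart() else msg.get_payload()
    # Names the message claims: the From display name plus any body line
    # that exactly matches a directory entry (for example a signature line).
    claimed = {display.strip().lower()} if display.strip() else set()
    claimed |= {ln.strip().lower() for ln in body.splitlines()} & set(directory)
    warnings = []
    if domain != org_domain:
        warnings.append(f"sender domain '{domain}' is not {org_domain}")
    for name in sorted(claimed):
        known = directory.get(name)
        if known and known != addr:
            warnings.append(
                f"claims to be '{name}' but address is {addr}, not {known}")
    return warnings

if __name__ == "__main__":
    for w in check_message(SAMPLE):
        print("WARNING:", w)
```

A message with no warnings is not proof that it is genuine; confirming with the claimed sender still applies.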

Need to report an IT security event or incident?

To report, please submit a ticket here: Report an IT Security Incident, or call the IT Service Desk at (585) 395-5151 Option 1.

Details

Article ID: 143298
Created: Wed 11/30/22 10:12 AM
Modified: Wed 12/13/23 4:07 PM