Social Engineering FAQ
Q: What is social engineering with regard to cyber security?
A: Social engineering is when someone attempts to gain access to information on computers or computer systems through deception and manipulation. An individual is led to believe that the hacker is a fellow employee or a person authorized to access sensitive information or equipment. This can happen over the telephone, in person or through e-mail.
Q: Is phishing a form of social engineering?
A: Phishing attacks are the most common form of social engineering in the world of computers. They use e-mail or malicious Web sites to solicit personal, often financial, information. Attackers send e-mails that appear to be from a reputable financial company or online retailer and that request account information, often suggesting that there is a problem. When users respond with the requested information, attackers can use it to gain access to the accounts.
Q: What can I do to protect myself from social engineering attempts?
A: Almost all of these attacks can be foiled if you:
- Verify the identity of the person making the request before providing information. Is the person making the request really who they claim to be?
- Verify whether the person is authorized. Does the person have the need to know or are they authorized to make this request?
- Remember that reputable financial institutions and online retailers don’t ask their customers to provide sensitive personal information via e-mail or links in e-mails.
Q: What should I do if I get a phone call or an e-mail that I suspect is a social engineering attack?
A: Report any suspicious calls or e-mails to the Technical Support Center at 351-4357 immediately.
Q: Where can I find more information about social engineering and phishing attacks?
A: Additional information can be found at the U.S. Computer Emergency Readiness Team’s Web site or by contacting the UNC Technical Support Center.