Social engineering is a dangerous technique that is used to manipulate people into giving up personal or other valuable information. These attacks rely on tricking individuals rather than using advanced hacking techniques. Since it aims to play on human behavior, social engineering can be hard to detect and prevent. To help identify these attacks, review the common tactics below.
- Phishing Emails: Attackers will send emails that can trick the receiver into thinking it is from a legitimate source, urging them to click on malicious links or provide sensitive information.
- Vishing (Voice Phishing) / Smishing (SMS phishing): Attackers use phone calls and text messages to trick users into giving up sensitive information or gain unauthorized access.
- Impersonation: Attackers pose as trusted employees. For example, an attacker may impersonate a VUMC Help Desk employee by contacting you to reset your password or MFA in order to gain access to the account.
- Detailed Knowledge: Attackers may use specific personal details to make their impersonation attempts more convincing.
To prevent and protect yourself from these attacks, here are some ways you can verify and ensure your data remains protected.
- Verify Requests: Always verify the identity of anyone requesting sensitive information. Contact them through known and trusted channels.
- Be Skeptical: Treat unsolicited requests for personal information with suspicion, even if they appear to come from a known source.
- Report Suspicious Activity: If you receive a suspicious request or notice unusual activity, report it to the VUMC Help Desk immediately.
- Be Cautious with Personal Data: Avoid sharing personal details such as your full name, date of birth, social security number, and address on social media or with untrusted sources
- Use Strong, Unique Passwords: This applies not only to your work accounts, but also all personal accounts and emails
- Monitor Your Accounts Regularly: Keep an eye on your bank statements, credit reports, and online accounts for any unusual activity; search for data leaks that may contain your information.
By remaining vigilant and cautious with your personal data, you can help protect yourself and our organization from social engineering attacks. Remember, if something feels off, trust your instincts and verify before taking any action.
For assistance or to report suspicious activity, contact the VUMC Help Desk at 615-343-HELP or email the IT Security Operations Incident Response team at phishing@vumc.org.
