What is Social Engineering?

Janet Reschke

Today's world is very different than it was 10 or even 5 years ago. In the mid-1990s, the Internet was just becoming a part of our lives. How would we get along without the Internet today? Along with the many benefits the Internet brings us, there are also risks. Within the past few years, the term "social engineering," as it applies to computer security, has evolved.

Wikipedia defines social engineering as the practice of obtaining confidential information by manipulation of legitimate users. The telephone and the Internet are commonly used to trick people into giving out sensitive information. For example, someone impersonating another individual calls you. They tell you that they are doing some maintenance work on the computer network and are having trouble with your account. They proceed to say that they need to log in and troubleshoot, and ask for your login/password.

Another example is the CitiBank email scam that surfaced a couple of years ago. A person receives an email from what appears to be a legitimate CitiBank account. The email asks the user to follow a link to update their information. The link takes them to a site that looks like the official CitiBank site, but is not. The user proceeds to enter information about their account, and this information is hijacked by the social engineer. (This is also known as "phishing.") Once the hacker has your password, he may be able to get into multiple accounts.

What Can You Do?

  • No reputable HelpDesk or organization should ever call and ask you for your account information. If that occurs, the best advice is to ask for a phone number to call them back. At this point, the imposter will most likely hang up or give a false number.

  • To guard yourself against email scams, remain very cautious. Do not respond to unsolicited emails that suspiciously ask for your personal information. Feel free to report suspect activity to the Department of Family Medicine HelpDesk and/or forward spam messages to spamtrap@fammed.wisc.edu.

What Does the Department of Family Medicine Do?

  • Spam filtering programs are in place on the Department of Family Medicine servers to deny delivery of known or highly suspect messages. Spam filters help protect users from phishers, because they reduce the number of phishing-related emails that users receive. Also, the Department of Family Medicine HelpDesk sends "Alert" emails when a known threat is circulating.