
Social Engineering

MrVaughan edited this page Sep 29, 2015 · 6 revisions

##Threats

Social engineering is a broad topic in security where an attacker attempts to gain information or get you to perform an action just by talking to you. Often this is done in person, over the phone, or via email, but on every platform of the Internet there is someone trying to run some sort of social engineering scam against you.

##Things to Remember

  • If it sounds too good to be true it probably is.
  • No one is trying to send you money, not even a Nigerian prince.
  • Your bank would never call/email/ask you for your information. If it really is your bank, ask them to prove it (What's my balance? Last transaction? What credit card product do I have?).
  • Microsoft would never call you to provide technical support. This also applies to Apple and other companies.
  • Nobody can know that your machine is infected with a virus. Don't trust anyone trying to tell you that they can fix it over the phone.

##Best Practices

  • Google the caller-id number from the person calling you. Ask for a call back number and Google it.
  • Don't open attachments or click on links from anyone you don't know.
  • Hover over the email address / link to ensure the address matches what it claims to be.
  • Attempt to verify the identity of anyone who contacts you.
  • Do not give out any personal information.
  • Do not let anyone into your home.
  • Don't fall victim to pressure tactics. Attackers will try to make you feel guilty for not helping them; don't give in.