It has been brought to our attention that a state agency is experiencing ongoing social engineering phone calls claiming to be staff from a legitimate company working to resolve WIN 7 problems. The caller then asks the staff person for their PC name and IP address. If you experience a phone call similar in nature, please do not respond and report this immediately to the Technology Support Desk at x 8324, option 3.
The term "social engineering" refers to an attempt to gain access to information, primarily through misrepresentation. Social engineering relies on the trusting nature of most individuals. Most users should be familiar with email phishing scams (a form of social engineering) and have been taught not to open attachments from unknown or un-trusted sources or to visit un-trusted websites.
Some examples of social engineering may include the following:
In this situation, the perpetrator pretends to be someone else, for example, a senior manager from your organization or someone from your Help Desk. The impersonation may occur over the telephone, in person, or via email.
This scenario refers to the ability of a perpetrator to gain access to information by simply watching what you are typing or viewing what is on your computer screen. This is known as "shoulder surfing" and can also be done by looking through a window, doorway, or simply listening in on conversations.
Searching through trash ("dumpster diving") is a method used by perpetrators to obtain sensitive information. When confidential and sensitive documents are no longer needed, be sure to shred or properly destroy them in accordance with your organization's policy.
Do not to open email attachments from unknown users or suspicious emails from trusted sources.
Do not visit un-trusted websites or follow links provided by unknown or un-trusted sources.
If you see something suspicious, say something. Contact your Technology Support Line x8324.
Communications and Network Services