Social Engineering and Scams
Social Engineering can be thought of as using social pressures to make someone do something you want them to. For example, many scam artists call elderly people claiming to be able to save them money on prescription drugs. Once the victim has given them a credit card number (to lock in their “low, low prices!”), the scam artist maxes out the credit card.
With regards to passwords, a common scam is cold-calling a user and claiming to be a system administrator or network support personnel. These scam artists then ask for the user to install a piece of software (spyware or viruses) or ask for a username and password, etc.
Please be aware that neither TRG nor DL will EVER ask you for your username or password. If anyone calls and asks you for this information, ask them for a name, their staff id, and phone number where you can call them back. If your Caller ID shows a phone number, write that down before confronting the caller. Any information you get from the caller should be turned over to campus authorities.
There are several different scams currently circulating around the Internet. 419 scams (named after section 419 of the Nigerian legal code, in which they are outlawed) take several forms, including the most famous "Nigerian Prince" scam (Hello! I am a Nigerian prince and need a bank account where I can wire several million dollars; if you let me use yours, you can have a cut! http://www.snopes.com/fraud/advancefee/nigeria.asp ) Another example is the "Microsoft Technical Support Call" in which a bad guy will cold call you and claim Microsoft has seen viruses on your computer and needs you to install something to fix it (http://www.microsoft.com/security/online-privacy/msname.aspx). If you press them for a phone number where you can call them back, you'll get a phone number linked to a prepaid cell phone, from which the scammer is placing the calls. If you think you might be on the receiving end of a scam call, search on http://www.snopes.com/ to see if the people at snopes have seen a similar scam.
Thank you for taking the time to read this document. We hope you’ve found the information in here useful. To communicate to as broad a user-base as possible, we have glossed over many technical details. If you would like additional information about any of these topics, we encourage you to research more thoroughly on the Internet, or contact Kevin Metcalf in the TRG with questions/comments/etc.
Much of security is common sense, but it also requires knowledge of often confusing technology. By reading through this document, you’re working to expand your technology IQ; way to go!
Security Certificates < Social Engineering and Scams