What You Need To Know:
Social engineering is the broad term for any cyber attack that relies on fooling the user into taking action or divulging information. Since such attacks rely on you, the user, to be successful, you must be alert to them. Think twice every time: is this real, or a trick? If you suspect that you've been targeted, don't just ignore it; instead, send an email to cppm@lbl.gov as soon as possible. It's likely other people at LBNL were also targeted by the same attack - reporting it will help to protect the people who didn't recognize it.
Examples of Targeted Social Engineering
- A phone call that purports to be from the Help Desk asking you for your password.
- An email that purports to be from computer security asking you to install a piece of software.
- A CD or USB Flash Device that arrives in the mail unexpectedly, claiming to be from LBL or DOE.
Examples of General Social Engineering
- Email that purports to be from your Bank or Credit Card company asking you to update personal information.
- Email that claims to be from a shopping or auction site asking you to provide information about a purchase.
- Email with a malicious attachment that claims to have important information about a topic that interests you, for instance, a recent crime in the area.
What can you do?
- Separate your work life from your personal life: Don't use your @lbl.gov email address for personal banking or shopping. Use different passwords for your work and personal accounts.
- Think twice every time: A little bit of awareness goes a long way. Stay alert about possible attempts to steal your information - be suspicious of things that don't feel right.
- Know the signs of a scam: While not foolproof, being aware of the signs of a scam may help you to spot one. See "How can I tell the real from the fake?" below.
- Report it fast: If you ever suspect you've been targeted, report it to cppm@lbl.gov fast. Don't just delete or ignore it - it's possible someone else was attacked in the same way - reporting it might save them, or it might save the whole Lab.
How can I tell the real from the fake?
Resources: