Preventing Social Engineering Attacks

August 18, 2020

Social engineering criminals focus their attention on attacking people as opposed to infrastructure. Social engineering begins with research; an attacker may look for publicly available information that they can use against you. These attacks can come in a variety of formats (email, voicemail, SMS messages, DMs, or social media) and attempt to prey on your respect for authority, courtesy, or trust.

Here are five things you can do to protect yourself:

1. Take Your Time

Social engineers will often attempt to rush you to do something before you have time to think. Pressure is one of their tactics. Stop and take your time to evaluate the situation before responding. 

2. Ask Why

Unsolicited phone calls, texts, DMs, or email messages from individuals asking you for your personal information should be questioned. If an individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.

3. Keep What’s Personal, Personal

Limit information about yourself on public sites and don’t respond to solicitations for this information. 

4. Protect Yourself Technically

Keep desktops, laptops, and smartphones protected by installing the latest OS and application security patches, running up-to-date anti-malware programs, and learning to use mobile devices securely.

5. Report it!

Make sure to report suspected phishing attacks so that we can remove the threat. Using the bMail web interface:

  1. Open the message
  2. To the right of the 'Reply' arrow, select 'More' (typically denoted with three vertical dots)
  3. Then 'Report phishing'

If you are unable to log in to bMail, forward the message to phishing@berkeley.edu.

If you want to know more about social engineering tactics, see our Social Engineering Toolkit and, as always, you can reach out to security.berkeley.edu if you have any questions or concerns.