Kansas State University

IT News

Don’t take the bait: Tips to avoid social engineering attacks

In today’s interconnected world, where technology plays an ever-expanding role in our lives, safeguarding your digital presence is of primary importance. Social engineering attacks have emerged as a pervasive threat, relying on the manipulation of human psychology to gain unauthorized access to sensitive information.

K-Staters can protect themselves from social engineers and other types of cybersecurity attacks by being proactive about security. There are many things you can do to protect yourself:

  • Educate yourself and others – Knowledge is the first line of defense against social engineering attacks. By understanding the common tactics used by attackers, people can recognize suspicious requests and behaviors. K-State offers annual security training to aid in this task.
  • Use strong passwords and two-factor authentication – Maintaining robust password practices is vital. Use complex and unique passwords for each account. Additionally, enable multi-factor authentication (MFA) wherever possible to add an extra layer of protection. Two-factor authentication requires more than one method to prove your identity. If you accidentally fall for a scam, the scammer would need your K-State eID and password, along with your second factor, to authenticate.
  • Beware of phishing emails – Phishing emails are a common social engineering tool. Be cautious when receiving unsolicited emails, especially those urging immediate action. Check the sender’s email address, inspect the message for typos and inconsistencies, and avoid clicking on suspicious links or downloading attachments.
  • Verify requests for funds or sensitive data – Before transferring funds or sharing confidential information, independently verify such requests. Use established contact information, not information provided in an email or message. If in doubt, contact the requester directly through a known and trusted channel.
  • Keep your computer’s software up to date – Immediately install operating system and application security updates for your computer, phone, and other mobile devices.
  • Uninstall unused applications – Applications that are no longer in use, or that have reached their end of life and no longer receive security updates from the vendor, leave your computer vulnerable to attacks.
  • Disable unused hardware – If you are not using Bluetooth, you should disable it. It is just another open door for an attacker to gain access to your computer.
  • Check for HTTPS – When you’re on a website that isn’t using HTTPS, there’s no guarantee that the transfer of information between you and the site is secure. Double-check that a site is using HTTPS before you give away personal or private information.
  • Check your browser add-ins and extensions – Some may be keyloggers that record keystrokes and can send your account credentials to the scammer.
  • Familiarize yourself with your cybersecurity policies and procedures – K-State’s policies and procedures regarding IT security can be found at https://www.k-state.edu/it/about/policies/. Security is a people and management challenge. You must play your part and become aware of policies and procedures that can help secure the K-State network. It can take just one person to break the link in the security chain.
  • Use a Virtual Private Network (VPN) to privatize your connection – K-State uses GlobalProtect. If you are on an unsecured network, like at a coffee shop, you may want to use GlobalProtect to make sure your connection is private.
  • When in doubt, send it to abuse – If you receive a questionable email and prefer to play it safe, you can send it to abuse@ksu.edu. K-State’s Security Intelligence and Operations Center (SIOC) will investigate the email and let you know if it is legitimate or not.
