Social Engineering is the psychological manipulation of people into performing actions or divulging confidential information. In a social engineering attack, an attacker uses human interaction (social skills) to obtain or compromise information about an organization or its computer systems. An attacker may seem unassuming and respectable, possibly claiming to be your boss, a new employee, repair person, or researcher and even offering credentials to support that identity.
Phishing is a form of social engineering using email or a malicious website posing as a trusted organization. Typically, these types of attacks lead the victim to a fake website to obtain login credentials and may request confidential information such as your social security number, credit card number, bank account, etc.
Be wary of common indicators found in SCAM emails:
Example Spear Phishing Email
The most important thing you can do is to report it. In Gmail, next to the reply button, click the three vertical dots and select 鈥Report phishing鈥. This action will trigger a notification to UCM鈥檚 Information Security team.
Please do not use this method to report 鈥淯nwanted Email鈥 (SPAM). Instead, use 鈥淩eport SPAM鈥. This action will train your email filter to deliver your unwanted mail to your SPAM folder.
|
If you revealed your password, change it immediately.
If you revealed sensitive information about the University, University network ID, or MyCentral account, report the incident to the Technical Support Center (TSC) at 660-543-4357 or tsc@ucmo.edu.
If your financial information is compromised, contact your financial institution immediately.
If you provided personal or financial information to an illegitimate site, file a report with the .
Victims of phishing and scams could become victims of identity theft; the provides steps you can take to minimize your risk. You may contact UCM Public Safety or other law enforcement agency for additional assistance and information.
by the Federal Trade Commission
by the United States Computer Emergency Readiness Team (US-CERT)
by the Cybersecurity and Infrastructure Security Agency (CISA) was reproduced under .
by google.com