Social engineering attacks, most commonly known as phishing, are delivered in many different ways. Phishing = emails. Smishing = text messaging. Vishing = voice scams or phone calls. No matter the delivery, there are common clues you can spot.
- Urgency: Any message that creates a tremendous sense of urgency in which attackers are trying to rush you into taking quick action and making a mistake. An example is a message claiming to be from the government, stating your taxes are overdue and if you don’t pay right away you will end up in jail.
- Pressure: Any message that pressures an employee to ignore or bypass company security policies and procedures.
- Curiosity: Any message that generates a tremendous amount of curiosity or seems too good to be true, such as an undelivered UPS package or a notice that you are receiving an Amazon refund.
- Tone: Any message that appears to be coming from someone you know such as a coworker, but the wording does not sound like them, or the overall tone or signature is wrong.
- Sensitive Information: Any message requesting highly sensitive information, such as your password or credit card.
- Generic: A message coming from a trusted organization but using a generic salutation such as “Dear Customer”. If Amazon has a package for you or your phone service has a billing issue, they know your name.
- Personal Email Address: Any email that appears to come from a legitimate organization, vendor, or co-worker, but is using a personal email address like @gmail.com or @hotmail.com.
By looking for these common clues you can go a long way toward protecting yourself. Any suspicious UT Health Science Center communication should be forwarded to abuse@uthsc.edu for examination so we can block the attack.