Body
Social Engineering:
The tactic of manipulating, influencing, or deceiving a victim to gain control over a computer system, or to steal personal and financial information.
What to Know:
- Phishing emails, smishing (SMS phishing), texts, lookalike websites, phony letters, and other communications might include names and logos of well-known brands to appear believable, Scammers know these visual cues can work to their advantage.
- Email addresses and caller ID numbers can be disguised to look like an email or call is coming from a trusted contact.
- Attackers sometimes pose as service technicians, prospective customers, and even law enforcement officers.
What to Do:
- Be aware that social engineering is real, and cybercriminals want to steal your information.
- Before interacting with a suspicious email, text, or social media message, go to the source. Visit a known website or call a trusted phone number to confirm an offer or request for information. Contact friends or colleagues to verify any out-of-character messages or social posts.
- Disconnect from any unsolicited call before providing sensitive data (like credit card numbers or details about customers and colleagues). Use a verified number to confirm an offer or request.
- If you have questions, contact the Saint Louis University IT Service Desk by calling 314-977-4000 or emailing ask@slu.edu.
Phishing:
The fraudulent practice of sending emails that appear to be from a known individual or reputable company in order to persuade individuals to reveal personal information.
Phishing Tactics:
- They say they’ve noticed some suspicious activity or log-in attempts — They haven’t!
- They claim there’s a problem with your account or your payment information — There isn’t!
- They say you need to confirm some personal or financial information — You don’t!
- They include an invoice you don’t recognize — It’s fake!
- They want you to click on a link to make a payment — But the link has malware!
- They say you’re eligible to register for a government refund — It’s a scam!
- They offer a coupon for free stuff — It’s not real!
Signs of a Phishing Scam:
- The email claims to be from a business but uses a free email provider such as Gmail.
- The sender’s email address doesn’t match the sender's name.
- The email has a generic greeting rather than stating your name.
- The email includes spelling or grammatical errors.
- The email urges you to act quickly – usually, to avoid loss of account access or financial penalties.
- The email requests personal information (e.g., SSN, credit card number, or bank account number).
- The email is too good to be true. Previous phishing emails have offered students high paying part time jobs for a simple task.
- Any email requesting your username and password should be considered a scam.
Contact the organization directly using a known website or phone number before providing this information to anyone.
Smishing and Vishing:
Cybercriminals use these to pose as a trusted source such as a bank or technology support, to get you to divulge personal information.
- Smishing: A form of social engineering that exploits SMS, or text messages. Text messages can contain links to such things as webpages, email addresses or phone numbers that when clicked may automatically download a file, open a browser window, or dial a number.
- Vishing: The social engineering approach that leverages voice communication. This technique can be combined with other forms of social engineering that entices a victim to call a certain number and divulge sensitive information.
Password Management:
Your usernames and passwords are the keys to your digital identity. Keep them safe.
Do Not share your password with others including the SLU Technology Support team.
ITS does not need this information and will never ask for this information.
If anyone asks for your username and password disconnect and call our Service Desk directly using 314-977-4000.
Recommended When Creating Passwords:
- Do not use the same username and password to access multiple applications.
- Do not use your hometown, favorite sports team, pets name or other personal details available on social media.
- Long passwords are better than short passwords.
- Complex passwords are better than simple passwords. Try including upper- & lower-case letters, numbers, and symbols.
- Use Multi-Factor Authentication (MFA) whenever available.
Malware and Ransomware:
Malware: (Short for MALicious softWARE) A file or code typically delivered via a phishing email or smishing text message that infects a workstation or mobile device allowing a cybercriminal to explore or steal information.
Ransomware: A type of Malware that encrypts computer files, making them unusable until a ransom is paid to the cybercriminal. If the ransom is not paid the computer remains unusable and the files may be published on the Internet for all to see.
Recommendations to Avoid Malware and Ransomware:
- Ensure your operating systems and applications have been updated to the latest versions.
- Install and maintain anti-virus software.
- Carefully review suspicious emails and text messages before clicking links or opening attachments.
- Backup your data to another system or cloud storage.
- Stay informed about cybersecurity risks.
- Ask questions. Contact the SLU IT Service desk for assistance at 314-977-4000 or ask@slu.edu.
For Questions and Assistance:
SLU IT Service Desk:
Hours of operation: 7:00 a.m. to 8:00 p.m. M - F
Phone Number: 314-977-4000
Email Address: ask@slu.edu
Portal: ask.slu.edu
On Campus Locations:
• ATC AskSLU Desk on Main Floor of Pius Library
• Tech Commons in Caroline 202
• Law School Service Desk in Scott Hall 752