9. Social Engineering

Social engineering is the term used to describe crackers' attempts to get users to tell them about their passwords and other information about the system. This is also called phishing.

Here are some of the approaches used:

  • "There is something wrong with your account - please confirm your details so we can avoid cutting you off": No member of the system administration staff or other Computing Services staff will ever ask you to reveal your password or any other information about the system.
  • The "something wrong" above may be a disk quota warning - IT Services does not cut off accounts for this reason. In any case, the values given are unlikely to match your actual usage figures.
  • "I'm new to the college/department - can you help with such-and-such information". You cannot be sure of the person's bona fides, so refer them direct to your IT staff.
  • Beware of messages from "your Bank". These may look credible but genuine ones will never ask for account details.

See http://www.oucs.ox.ac.uk/email/fake/ for detailed guidance on recognising and dealing with fake emails.

If anyone asks you suspicious questions, report them to the IT Services Help Centre or OxCERT right away.
