Social engineering is a tactic used by attackers that takes advantage of people’s emotions in order to access sensitive or confidential information. It is very important to know who we are talking to and why the person needs the data. Always remain calm, do not respond immediately, and talk to your manager or the security team if something happens.
Phishing attacks are messages that look legitimate, but are actually scams to access your account or device. Pay attention to who forwards the message, if the subject is relevant, if the message text has syntax and semantic errors. Most important: always think before you click! And do not download any unexpected file.
Vishing & Smishing
Scams also happen via telephone (vishing) or text (smishing). If you receive a call, make sure you know the person, and wait for a face-to-face meeting to talk about confidential information. If you receive a text, do not click on any links and or forward personal data by message. Try contacting the sender by other means to confirm the purpose of the message.
Scams don’t just happen online. It is possible an attacker might try to access your organization’s office to collect digital or hard copies of sensitive data. If you find an unknown person in the office, ask to see the person’s badge and immediately notify the security team.