Social engineering IT and Library Services

Social engineering is a new term for some very old ‘con tricks’: techniques that exploit common, predictable patterns of behaviour in individuals to gain access to secure systems or personal information. They trick you into supplying information that can be used for fraud or system access, but they aren't restricted to the online environment and are just as likely to come to you via a telephone call or even a face-to-face conversation (e.g. a telephone call from someone impersonating a technical support agent, or an ‘IT technician’ asking you to log on to their machine with your details).

In some instances the smallest piece of personal information (e.g. a date of birth, details of school attended, workplace) can be used to give these individuals an air of credibility. The increasing popularity of Facebook, and the naivety of many users when publishing personal information about themselves, has made it a source of information for fraudsters looking for a ‘foot in the door’.

What can you do about it?

Publish at your peril: Think about all the information you have published online via Facebook, Twitter or your own personal web pages, and consider what is published about you in staff or club membership profiles which are created or posted online. Review what's there (try ‘Googling’ yourself to check if there are any listings for you that you didn't know about or remember) and make sure personal details are either removed or only visible to those who actually know you.

Don't be afraid: It's OK to challenge anyone who requests personal information by phone, email, text or face to face. Genuine individuals will understand and won't mind. Fraudsters rely on our reluctance to stand up and query their legitimacy or to refuse a polite request.