Understanding Social Engineering

Social engineering is the term for exploiting human psychology, rather than traditional hacking techniques, to gain access to buildings, systems, devices, or data. For example, a social engineer might call a UF phone number and pose as an IT support person, trying to trick the employee into divulging passwords. David Maurer in The Big Con writes of 1940s confidence [con] men and how they gained the trust of victims. It’s the same in the 2020s: social engineers want to seem believable, whether by email, phone call, text, or in person. They gain the victim’s trust to get what they want. Two types of social engineering techniques are employment scams and tailgating:

1. Employment scams are plentiful, and many, if not most, students have received an email advertising a 10 hour per week campus job earning $350 per week. Think twice before clicking on the links in an email advertising a job you didn’t inquire about.
2. Tailgating is when someone enlists your help to gain unauthorized building access. An example is when a person with an armful of packages asks you to open the door with your UFID card since they can’t reach theirs. You naturally want to be helpful, but someone now has access they shouldn’t.

UFIT is launching an updated social engineering webpage this spring. In the meantime, if you suspect an email you receive in your GatorMail may be phishing, report it to abuse@ufl.edu. And remember, Gators…be aware of who you are letting access UF residence halls, academic buildings, and other secure campus spaces.

Install Patches [Updates] To Your Devices

Whether you are a faculty member, student, or staff, inevitably you’ve worked more from home in the past 16 months than ever before. If you use a personally-owned laptop or PC not managed by UF technical staff, chances are your device(s) aren’t up to date. Outdated devices allow cybercriminals to exploit bugs, so it’s important to secure them. There is an easy way to protect personally-owned devices and the data on them: patching.

A patch, also called an update or software update depending on the device manufacturer, is released to fix security vulnerabilities and other bugs. Applying updates as soon as they are released is important, because they are often issued in response to a known vulnerability or virus. Updates not only improve the security of your device, but often add functionality or improve the usability or performance of features. All software has bugs, and manufacturers constantly identify and patch these, just as cybercriminals constantly look for bugs they can use to attack devices and steal data.

A good way to stay current with patches is to enable automatic updates. Read item #1 on https://security.ufl.edu/resources/protect-your-computer/ for simple instructions to enable automatic updates on Mac and Windows devices. Another good tip: Reboot your laptop, smartphone, PC, and other devices each week, rather than just closing the lid or logging off. Completely shutting down and restarting devices helps to install and apply updates. You can learn more tips on the Information Security Office website.