Social engineering is when individuals or groups attempt to trick people into revealing sensitive information or granting access to systems. It exploits human responses such as urgency, curiosity, trust or fear rather than relying on hacking technology.
The attacks may appear as emails, messages or in-person requests and seem legitimate.
Common types of social engineering
- Phishing / Spear phishing
- Vishing (Voice Phishing)
- Smishing (SMS phishing)
- Quishing (QR phishing)
- Baiting – Offering something tempting, such as a USB drive or free software
- Tailgating / Piggybacking (an unauthorised person enters a secure area by following someone with legitimate access)
- Dumpster diving (searching rubbish for sensitive information)
Key Warning Signals
- Sense of urgency
- Requests for passwords or Multi-Factor Authentication (MFA) codes
- Unexpected attachments or links
- Messages that create fear or pressure
- ‘Too good to be true’ offers
Stay alert and follow these simple steps
- Be cautious of unexpected requests. Do not share passwords, codes, financial or sensitive information.
- Verify before you trust – if you receive an unusual call, email or message, even one that seems official, verify it through an official channel.
- Never approve MFA prompts you did not initiate.
- Do not allow unknown people to enter secure physical spaces on campus and report suspicious entries to Security on (08) 8201 2880 (this number is located on the back of your Flinders staff ID).
- Dispose of sensitive documents securely (e.g. by shredding) and destroy any storage media not being reused. You can submit an e-waste disposal request through Service One to arrange secure disposal of electronic devices and storage media.
If something seems suspicious, do not respond. Report it immediately to the Information & Digital Services (IDS) Service Desk on (08) 8201 2345 or ictsecurity@flinders.edu.au
Stay alert. Think before you act.