College of Engineering | DECS

Beware of Social Engineering

Social engineering is an attack vector that relies on your interaction and often involves tricking you into breaking security procedures. Cyber attackers have discovered that the easiest way to get your information is to simply ask for it. Common sense is the best defense against a social engineering attack. If a message seems odd, suspicious, or even too good to be true, then it is probably a social engineering attack. Examples of social engineering include:

  • Phishing: These are emails designed to fool you into giving out your credentials or to get you to open an infected attachment. The emails can appear quite legitimate, or appear to come from friends, family, or Michigan State University. See the How To Recognize a Phishing Email page for more information.
  • Phone Spoofs: Another example of social engineering is when someone calls you pretending to be Microsoft. They claim that they have detected computer viruses or malicious software on your computer. They'll try to remotely connect to your computer to steal your information or to get you to buy their fake antivirus software.

Secure Your Home Network

Your router/modem is a physical device that controls who can connect to your network. Every device has a default password that is usually published by the manufacturer. Once installed, change the password on your router/modem to be a strong password that only you know.

Configure your home wireless devices to use encryption. By using encryption, you can prevent other people from using your network. It also prevents a hacker from connecting to your network and listening to the data being transmitted. Without encryption, they could steal your login credentials, banking information or other personal information. You should configure your wireless access point to use the latest encryption.

Protect Your Computer and Devices

Ensure that all of your devices are protected by strong PINs or passwords. Make sure that your devices are running the latest version of their software and do not let the computers fall out of date. When possible, consider turning on automatic updating.

If multiple people are sharing a device, each person should have their own account. This way, if something happens to one account, the other accounts should not be affected. Also consider having an administrator account that is separate from your everyday account.

Your computers should have the Windows firewall turned on and antivirus software installed--and make sure that they are up to date. There are many free antivirus software packages available along with paid ones. As an MSU employee, faculty or student, you are eligible for a free copy of Symantec Endpoint Protection. Instructions for installing the software can be found on the MSU IT Services helpdesk system (https://itservicedesk.msu.edu/).

Before you dispose of your old computers and devices, wipe any personal information off the device. IT Services has instructions on how to securely dispose of your data.

If you want to wipe your phone or tablet, there are several ways to accomplish this: download an app from the app store to wipe the device, or fill the device's memory with a few large videos and then perform a factory reset.

Securing Your Online Accounts

More than likely, you have a large number of online accounts on your computer and mobile devices. Here are some tips to secure your online accounts:

  1. Never reuse passwords between accounts. Consider using long passwords that are hard to guess, or try using passphrases. Passphrases are passwords made up of multiple words that are not related.
  2. Use two-factor authentication wherever possible.
  3. On social media accounts, be careful what information you make public. Hackers can use the information you post to try and guess your password or security questions. Have you ever posted your childhood nickname? Favorite movie? The city your parents grew up in? Name of your high school? Favorite author? Each one of these can be used as answers for password reset security questions. If you post this information online, it could be possible for someone to reset your password.

What To Do if You Have Been Hacked

No matter how secure you are with your passwords or how well you take care of your devices, you may still get hacked. Here are some tips if you do get hacked:

  1. Change your online account password. Remember that the longer a password is, the harder it is to guess. Or you could consider using a passphrase. If you're having difficulty remembering your passwords, use a password manager program. If you reuse a password, consider changing all your passwords to distinct individual passwords.
  2. If you think that your personal information has been compromised and could lead to identity theft, visit the following for Michigan residents.
  3. You can check to see if any of your accounts have been involved in a major data breach at https://haveibeenpwned.com/. This website is a project of Troy Hunt, a Microsoft Regional Director and also a Microsoft Most Valuable Professional for Developer Security.