October 06, 2017
Social engineering is the process of retrieving/obtaining Personally Identifiable Information (PII) for fraudulent means, typically through manipulation (e.g., phishing, spear phishing). Social engineering attacks have existed for over a decade during which time a large industry centered on PII theft has thrived. Over the past three years more than 250 million confidential business records were reported lost or stolen. Here are some quick tips to help keep your PII safe:
Phishing emails are messages that ask for personal information such as social security numbers, phone numbers, and account login credentials. Cyber criminals send these messages to large groups of people with the hope that a few responses are returned. Spear phishing attacks are written and tailored to a more defined group of people using information that pertains directly to the recipients. The elements of a spear phishing attack are often gathered from social media accounts, public resumes (including LinkedIn), and other sources.
Learning to avoid phishing emails and identify “phishy” websites is a skill that will help protect your personal information. Here are some tips for spotting phony emails:
If you question whether a message you receive is credible, ignore the message or ask the sender to verify that they sent the message in a separate email. Another best practice is to send questionable emails to Information Technology Services (ITS) for review at IsThisEmailSafe@uky.edu. For additional questions, please contact Security@uky.edu.