Skip to Main

Social Engineering

 

Social engineering is a low-tech approach used by scammers to gain access to an organization’s information and resources. Suppose someone emailed a member of HR and said, “Hey, it’s Mary Johnson, Audit Manager.  I can’t log into the network or my email.  Can you send me the latest Employee Very Personal Information report for my department at maryjohnson@gmail.com? I need the report right away to finish payroll for my employees.”

This seems perfectly innocent, right . . .?

Watch out for the warning signs:

  • Taking advantage of a helpful nature
  • Implying authority to act
  • Pretending to be part of the organization
  • Urgency

Verify, Verify, Verify - Regardless of how they contact you, confirm that people are who they say they are and that they are authorized to receive the information or access they request. Only share information through normal accepted channels. 

View More Updates

Questions about information security?

Office of Information Security
214-648-7600

informationsecurity@UTSouthwestern.edu

Back-to top