Dangers

Password spying

Dangers already lurk when you enter your password. Who can see your keyboard while you type it, e.g. through the office door or a window?

  • Make sure that no one can watch you enter your password.
  • If you fear that someone has guessed your password, change it immediately!

Social engineering

Social engineering is the criminally motivated collection of information using a trusted identity. The attacker pretends to be a trustworthy person, e.g. an employee of the IT department, on the phone, by e-mail or in person, and tries to obtain confidential information or access data from you. Time pressure or unpleasant superiors are often invoked.

Example: Your telephone rings. The caller says she works in the IT department and needs to “reset” all mailboxes. To do this, she would need your password. Otherwise, no more e-mails could be received. Vigilance is required here: You must not disclose sensitive information to unauthorized third parties. This applies in particular to access data such as login or password.

Increasingly, attackers posing as superiors also try to get employees to make bank transfers. In these “CEO frauds”, urgent financial transactions that must be kept secret are given as the reason.

If in doubt, look into the person requesting information or actions from you to verify their identity, and only then call back. Also consult internally. Inform your supervisor or contact person of any strange incidents.

Attention

How to recognize a social engineering attack:

  • Someone you don’t know personally poses as a colleague or an authority figure whom you would hesitate to ask follow-up questions.
  • She threatens you with harm or damage if you don’t help her, and makes the request urgent.
  • The attacking person may drop familiar names but finds questions annoying.
  • She refuses to provide a callback number and may flatter or flirt with you to achieve the goal.

Be aware that any caller unknown to you may attempt an attack, especially if unusual help and urgent information are requested from you.

Good to know
  • Ask unfamiliar callers for their name, office, and phone number.
  • Call back only after you have verified the request elsewhere.
  • When in doubt, contact your supervisor or the contact person.