Message from Ash Hadi, Caltech Chief Information Security Officer: As part of our ongoing efforts to enhance Caltech's cybersecurity defenses, I want to bring to your attention a critical threat: a recent increase in social engineering attacks at Caltech.
What is Social Engineering? Social engineering involves manipulating individuals into divulging confidential information or performing actions that compromise security. These attacks exploit human psychology rather than technical vulnerabilities. Common tactics include phishing emails, vishing (voice phishing), and smishing (SMS phishing).
Why Is This Important? Social engineering attacks can lead to data breaches, financial losses, and reputational damage. Hackers impersonate trusted entities, tricking victims into revealing sensitive information or downloading malware.
How to Protect Yourself:
- Be Skeptical: Always verify the legitimacy of requests, especially if they involve sharing sensitive data such as personal information or relate to financial transactions.
- Check URLs: Hover over links in emails to ensure they lead to legitimate websites. Please don't click on these links until you have verified legitimacy.
- Beware of Urgency: Attackers often create a sense of urgency to pressure victims into acting quickly.
- Report Suspicious Activity: If you receive an unusual email or message, please report it to the Caltech InfoSec team immediately (Security@caltech.edu).
Our Collective Responsibility:
- Lead by Example: I encourage each of you to prioritize security and be cautious while performing your daily tasks at work and in your home office. Security is everyone's responsibility, not just IT's concern. Things that you could do:
  - Scrutinize emails for suspicious elements, always use multi-factor authentication, and pay attention to emails originating from external entities and individuals, specifically those that press for a quick response.
  - Pay close attention to suspicious text messages. Smishing is a social engineering attack that uses fake mobile text messages to trick people into downloading malware, sharing sensitive information, or sending money to cybercriminals. The term "smishing" is a combination of "SMS" (or "short message service," the technology behind text messages) and "phishing."
- Educate and Train: Attend training sessions to recognize and respond to social engineering threats effectively. Caltech offers a couple of training classes that are available at MyLearn > Course Catalog > Computer Security:
  - CyberSecurity Awareness Knowledge Precheck
  - CyberSecurity Awareness
- Avoid sharing sensitive information about yourself on social media such as Facebook, X, LinkedIn, etc.
- Open Communication: Report any suspicious activities promptly to Caltech Information Security at Security@caltech.edu. We value your vigilance.
Remember, you are our first line of defense against social engineering attacks. By staying informed and vigilant, we can protect Caltech and Caltech's valuable assets only if we all work together.