A Free Educational Resource Created by Carnegie Mellon University to Empower You to Secure Your Part of Cyberspace

Social Engineering

Tricking people into giving out personal information

Social engineering is the practice of tricking people into giving out personal information. Many online games and online casinos have a chat component that lets you talk to other players. This allows you to trade with others, share encouragement, or “trash talk” during the game. Unfortunately, it can also put you in touch with players who want to gain your trust and personal information for their own purposes.

Protective Measures

Practices

  • Protect personal information while chatting in games: Keep in mind that the other players might have an interest in harming you. Most gaming companies will communicate with you over a private channel if they ever need any form of personal information from you. Unless you are using an official support communications channel, assume that the people you are communicating with during a game are not related to the company. Never provide financial information, such as credit card numbers, in a chat; no legitimate company will ever ask you for this information in such a forum. Companies will also not ask you to provide them with your account information during a game, since they are able to look that up themselves. Never reveal your password to anyone else.

  • Consult the person in charge of a network before connecting to it: When using a public network, ask how security is enforced in the network, then make sure you follow all security rules and connect to the appropriate network. If anything suspicious occurs, immediately disconnect from the network (by turning off your computer or PDA or disabling the network interface card or Internet connection) and consult the person in charge.

Settings

  • Disconnect from the network if you have any security concerns: There are two ways to disconnect from a network. The first way is to shut your computer down entirely. The second way is to disable the network interface card on your computer.

    1. To disable the network interface card in Windows, go to the Control Panel (Start > Settings > Control Panel) and double-click on Network and Dial-Up Connections.

    2. Select the name of the network interface that connects your computer to the Internet. It is usually labeled Wireless or Local Area Network.
    3. Right-click on it, and select "Disable." When you disable the interface, the icon will turn a light gray color.

    4. When you want to reconnect to the Internet, return to the interface icon, right-click on it, and select "Enable."

Connect Safely from Different Places

Office

Remember that your company's data is valuable to your competitors. Guard this information as carefully as you would your own.

Mobile

You are just as vulnerable to this kind of attack when you communicate using a mobile device as you are when you use a personal computer.

On the road

Regardless of whether you are using your personal computer in a public place or using a public computer, you are vulnerable to a social engineering attack every time you interact with others online.

Privacy Issues

Be careful about the information you divulge about yourself and who you work for. Somebody could take the small amount of information you supply and plug it into a search engine to find more information, such as your address, phone number or a personal Web site.
