Tech tip: Be aware of social engineering

By Joseph Brancato, Ohio State Bar Association systems administrator

While we should all be on watch for attempts by malicious hackers to steal our information, it is just as important to be aware of attempts to “social engineer” valuable information from us (aka “phishing”). Normally this comes in the form of emails asking you to “login for important information regarding your account,” but recently there has been an increase in the use of the telephone to trick employees into giving out sensitive information (server names, usernames, passwords, etc.). If you are at all suspicious about an attempt from an unknown agent to get sensitive information about our work environment, please check with your IT department and/or your supervisor first.

Here are a few general rules to help minimize your risk of being defrauded:

  • If you receive an unexpected email asking you to log in to your account, never use a “click this link to login” link from that email. Instead, Google the company and go directly to their website to log in.
  • You should never send sensitive information like usernames, passwords, Social Security numbers, account numbers, etc., through email. If you would not want it on the front page of the newspaper, do not send it in an email.
  • If you are suspicious of a request over the phone for information, tell the caller you will hang up and call the company's main number (Google for it), and ask for their extension so you can be transferred back to them. An unauthorized person will not be able to do this (or will give you a false extension to avoid being found out).

