Welcome to NCSAM week 2! This week we’ll take an in-depth look at three of the most common social engineering attacks, and the characteristics that aid in correctly identifying them. But before we reach that three-way fork, what do these have in common?

All phishing attacks are an attempt to gain unauthorized access. It’s how breaches begin almost half the time (the other half being exploitation of vulnerable systems). A traditional phishing attack is designed to provide the attacker with your username and password. Vishing may lead to the caller directly accessing your computer. No matter which format, the bad guys are trying to trick you into coughing up sensitive information, so they can use it to compromise your device or the college’s network and systems.

Whatever type of disruption you receive, the best solution is ALWAYS to just ignore it. You may be able to do more, like reporting it or unsubscribing, but the safest thing to advocate for 100% of the time is to do nothing. Williams doesn’t ask you to determine whether an email is spam or phish. If you didn’t expect it and don’t want it, simply forward it to [email protected] and let us have a look. This is a safe action to take, and can help Google and OIT identify these quickly and take intervene if necessary.

More information on these specific threats:  https://events.williams.edu/event/phishing-smishing-and-vishing-is-on-the-risedont-fall-victim-to-these-attacks/