When it comes to Social Engineering attacks, the best reaction is usually inaction

Providing you have the appropriate modern defenses like MFA enabled for all of your critical accounts, including your Williams account, then these attacks are something that you should expect but not worry too much about. We can’t avoid them. They will occur. But when you receive a call, text or email that is from an unknown origin and asks you to do something, stop!

Stop and think through what’s happening. Why should you do this? Why open the email? Why should you click the link? If it sounds too good to be true, it is. Trust your gut. Let the call go to voicemail. Simply ignore the text. When it’s an unknown party, be like an immovable object and refuse to provide them with any interaction.

Most of the bulleted lists online about these attacks start with “Don’t” or “Avoid”. That’s really all you need to know. Just don’t. If someone truly needs your help, they will appropriately identify themselves and ask you properly.

If you experience a persistent problem, please contact OIT. You may always submit email spam or phish to spam​@williams​.edu, and we routinely review those submissions for opportunities to intervene in ongoing scams. However, if you are a victim of MFA Fatigue attacks, remember it means that the attacker has your password. We are here to help when a problem emerges, but we all play a role in reducing the risk of these in the first place.

Thanks for another great National Cyber Security Awareness Month! The holiday season will be upon us soon, followed by tax season, so I hope you learned a few tips that can help keep you secure in the months ahead!