Week 3 - Social Engineering Awareness

Beware of Phishing

             Check it Out: SDSU Phish Bowl

Don't Take the Bait

If it's too good to be true, it's likely a social engineering scam. These scams often try to trick people into giving away money or personal information by faking direct deposit or vendor payment changes. The messages can look convincing: a name you recognize, a real-looking email, or even a text or call from someone pretending to be a trusted contact. Their goal is to get you to act quickly before you stop to question it.

Phishing is one of the most common cyberattacks targeting students, faculty and staff. Attackers disguise themselves as trustworthy sources, through emails, texts or websites, to trick you into giving up sensitive information like usernames, passwords or financial details.

By staying alert and taking a moment to verify before responding, you help keep our SDSU community cyber safe. Together, we can protect one another.

Common Social Engineering Tactics

  1. Email Phishing: Fraudulent emails that appear to be from reputable sources, asking you to click on a link or download an attachment.
  2. Spear Phishing: Targeted attacks aimed at specific individuals or organizations, often using personal information to appear more convincing.
  3. Smishing and Vishing: Phishing attempts via SMS (smishing) or voice calls (vishing), urging you to provide personal information or make payments.
  4. Clone Phishing: Duplicating a legitimate email and replacing the attachment or link with a malicious one.

How Do I Spot Social Engineering Scams?

  1. Recognize: Spot telltales: urgency, authority pressure, secrecy, or unusual payment/access requests.
  2. Verify: Use known contact info; don’t trust links, numbers, or QR codes in the message.
  3. Resist: Don’t click, download, or share passwords/MFA codes if anything feels off.
  4. Delete: Remove the message (or quarantine) instead of engaging.
  5. Report: Forward suspicious messages to [email protected].

Protect Yourself 

  • Change Your Passwords: Immediately update passwords for any compromised accounts. To get help, visit the IT Help Desk and create a ServiceNow Ticket.
  • Contact Your Bank: If financial information was shared, notify your bank to monitor for suspicious activity.
  • Educate Yourself and Others: Be aware of the current phishing scams affecting SDSU. Shared information with friends, family, colleagues.

 

Get Help

To request a service, please submit a ticket via ServiceNow.

IT Security Office
Administration Building
security.sdsu.edu
IT Self Help Resources

Report an Incident

Please contact the Information Security team immediately if you experience or are aware of any of the following: