Cyber hackers will often impersonate people you know or companies you do business with to trick you into divulging private and sensitive information about yourself or other campus users. Let’s suppose you receive the following email from a familiar university IT security person:
I stopped by earlier, but you were not there. I was monitoring the network and noticed that your computer is infected as a result of some questionable website you visited. We’ve known each other for a long time and I do not want you to get in trouble. Just shoot me your Unity password, and I will fix it without anyone knowing about it. You owe me one!”
What’s wrong with this scenario? Regardless of the sender, it’s a request to share your Unity password. If you do that, then your account will almost certainly be compromised. This is one reason why university policy forbids password sharing; it puts at risk your privacy and security — and the privacy and security of all other campus users whose records you can access.
Please remember that university IT personnel will never, ever ask for your password via email or telephone. Always treat such requests as fraudulent.
Be careful to scrutinize an email or even a phone call from a “person you know.” Don’t rush to socialize!
Learn more about protecting the privacy and security of yourself and others with SANS Securing the Human videos.