Educating Students to Resist Social Engineering Attacks

Teenagers who are attracted to online services find themselves vulnerable to online risks. Since they are eager to make new friends online and show no hesitancy to share information with others, which makes them easy targets for online social engineering attacks. We may not understand the objective of a social engineer’s need for information. All we have to teach students is to be careful and examine the way they talk with others in person and online.

Help students follow the pointers below:

• Scan all email attachments before opening them.
• Don’t click the links that are posted in the emails unless you know the sender. And check the link when you hover over it to see where it is going to take you.
• Recognize that banks and IT administrators will never ask for passwords or PINs over email or even in person
• Maintain different passwords for different online services and use strong passwords. Always store passwords in your memory rather than noting down somewhere
• Always validate the source of who is asking for your information over email/phone by asking for a call back number to verify their identity or check the Google search engine for the name of the organization and check the authenticity of the call.
• Install an antivirus software which will alert for spam, virus and malware affected files

• Never be pressurized to share your information when someone says “I know you? You didn’t recognize me?” Insist on getting the speaker’s details, before resuming the conversation.
• Never give your phone to anyone under any pretext (battery discharged or lost), this is one way of getting your phone number as well as checking other numbers on your contacts
• Never ask strangers to come home in your parents’ absence. Always have a parent’s permission when inviting someone home
• Always ensure that your cell phone or smart devices are passwords secured, this will prevent anyone from accessing it when you leave them unattended
• Always be cautious of your surroundings, when you are viewing your personal information or checking your cell phone or entering your PIN at the ATM. Politely ask them to stand back. This should be applied even when you are using the Internet at the Internet café, beware of people around you.
• Never connect a USB which you found unattended; the USB may be infected with a Trojan embedded by a hacker to gain access to your system
• Never leave your bag with personal identifiable information unattended, even in the playground or sports center. Always leave it with trusted people or at the security counter when at the mall
• Always shred documents that have your name and address on them before discarding them.
• Always store important confidential documents in locked cupboards. Ensure you carry and submit photocopies of the original document, unless original documents are made mandatory
• When someone identifies themselves as related to your classmate wanting to enter the school premises with you, escort them to the security counter and ask them to inform them of the purpose of the visit

Help students to know the significance of following these rules and encourage them to share these tips with friends, family members, and also on their social networking accounts. Following the above rules will help resist social engineering attacks. Encourage them to always approach parents or teachers when in doubt.