Attackers obtain your personal information through publicly available sources such as social media sites or may purchase personal information online. This information is then used to personalize their social engineering scams. They may try and trick you into believing that they have information that would be detrimental if released or that they somehow already have access to your systems, photos, or other key data to get you to pay them, or give them more information to enable access to your accounts, computer, etc. This approach is unfortunately oftentimes effective as people act out of fear.
Social engineering attackers may use familiar names, passwords, phone numbers, or other information to get you to believe that they are targeting you directly. Attackers use psychological tactics, and they know that when you are afraid, embarrassed, or feel rushed that you are more likely to believe them and comply with their requests.
If you receive a suspicious email with any of these characteristics, immediately report it to IT Security Services by forwarding it to abuse@wsu.edu.
Questions? Contact:
