Using an example for each of the different types of social engineering approaches, explain what each is and how it can be implemented in a tertiary college academic and record keeping environment.
Phishing

1 answer

Phishing is a type of social engineering attack where the attacker poses as a trustworthy entity in order to deceive individuals into revealing sensitive information, such as usernames, passwords, or credit card details. In a tertiary college academic and record keeping environment, phishing can be implemented through various methods.

Example: Fake email from the college administration

Implementation: The attacker sends an email to students, faculty, or staff members, pretending to be from the college administration. The email may inform the recipient about an urgent issue, such as a security breach or a need to update their login credentials. The email may contain a link that appears to lead to the college's official website or a login page. However, this link actually redirects the recipient to a fake website that looks identical to the real one. When the victim enters their login information, it is captured by the attacker, allowing them to gain unauthorized access to college systems or steal personal information.

To mitigate the risk of phishing attacks, the college can educate its community about the signs of phishing emails and how to verify the legitimacy of any requests for sensitive information. It can also implement email filtering systems to detect and block suspicious emails before they reach users' inboxes. Additionally, two-factor authentication mechanisms can enhance security by requiring an additional verification step beyond a username and password.
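The answer above recommends an email filtering layer that catches the signs it describes: a sender claiming to be the college while mailing from elsewhere, a link whose visible text points at the college portal while its real destination does not, and urgency wording. The following Python script is an added illustration of such a check and is not part of the original question or answer; the college domain `example-college.edu`, the indicator names, the phrase lists and the two sample messages are all constructed for this example.

```python
"""Heuristic phishing-indicator check for inbound college e-mail (added example).

Reads a raw RFC 822 message and reports the signs of a credential-phishing
e-mail: display name posing as the college from a foreign domain, anchor text
that disagrees with the link's real host, login links leading off the college
domain, lookalike domains, and urgency language.
"""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

COLLEGE_DOMAIN = "example-college.edu"          # assumed placeholder domain
COLLEGE_LABEL = COLLEGE_DOMAIN.split(".")[0]    # "example-college"

URGENCY_PHRASES = ("urgent", "immediately", "within 24 hours",
                   "will be suspended", "verify your account", "update your login")
CREDENTIAL_WORDS = ("login", "password", "credentials", "sign in")
# Anchor text that looks like a domain or URL (so it can be compared to the href).
DOMAINISH = re.compile(r"^(?:https?://)?[a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,}(?:[/?#]\S*)?$")


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = (dict(attrs).get("href") or ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(url):
    """Lowercase hostname of a URL or bare domain, '' if none."""
    s = url.strip()
    if "://" not in s:
        s = "http://" + s
    return (urlparse(s).hostname or "").lower()


def is_college_host(host):
    """True only for the college domain itself or a real subdomain of it."""
    return host == COLLEGE_DOMAIN or host.endswith("." + COLLEGE_DOMAIN)


def phishing_indicators(raw_message):
    """Return the sorted list of indicator names found in a raw message."""
    msg = message_from_string(raw_message)
    found = set()

    display_name, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    if COLLEGE_LABEL in display_name.lower() and not is_college_host(sender_domain):
        found.add("sender_domain_mismatch")

    body = ""  # concatenate every text part (works for single- and multipart)
    for part in msg.walk():
        if part.get_content_type() in ("text/html", "text/plain"):
            body += part.get_payload(decode=True).decode(
                part.get_content_charset() or "utf-8", "replace")
    lower_body = body.lower()
    mentions_credentials = any(w in lower_body for w in CREDENTIAL_WORDS)

    collector = _LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        href_host = _host(href)
        text_host = _host(text) if DOMAINISH.match(text.lower()) else ""
        if text_host and text_host != href_host:
            found.add("link_text_destination_mismatch")
        if href_host and not is_college_host(href_host):
            if COLLEGE_LABEL in href_host:
                found.add("lookalike_domain")
            if mentions_credentials:
                found.add("offsite_login_link")

    subject = msg.get("Subject", "").lower()
    if any(p in lower_body or p in subject for p in URGENCY_PHRASES):
        found.add("urgency_language")
    return sorted(found)


def is_suspicious(raw_message, threshold=2):
    """Flag a message for quarantine/review once enough indicators co-occur."""
    return len(phishing_indicators(raw_message)) >= threshold


# Constructed sample: the "fake email from the college administration" case.
PHISHING_SAMPLE = """\
From: "Example-College IT Helpdesk" <helpdesk@example-college-support.net>
To: student@example-college.edu
Subject: URGENT: Verify your account within 24 hours
Content-Type: text/html; charset="utf-8"

<html><body><p>Dear student, due to a security breach your account will be
suspended unless you verify your login immediately.</p>
<p>Go to <a href="https://example-college.edu.verify-account.net/login">portal.example-college.edu/login</a></p>
</body></html>
"""

# Constructed sample: a legitimate records-office notification.
LEGIT_SAMPLE = """\
From: "Registrar's Office" <registrar@example-college.edu>
To: student@example-college.edu
Subject: Transcript request received
Content-Type: text/html; charset="utf-8"

<html><body><p>Your transcript request has been received. Track it at
<a href="https://records.example-college.edu/requests">records.example-college.edu/requests</a>.</p>
</body></html>
"""

if __name__ == "__main__":
    for name, sample in (("phishing", PHISHING_SAMPLE), ("legit", LEGIT_SAMPLE)):
        print(name, is_suspicious(sample), phishing_indicators(sample))
```

The indicator list is deliberately heuristic: a real filter would add sender authentication results (SPF/DKIM/DMARC) and reputation data, and the threshold in `is_suspicious` is a tuning knob, since a single indicator such as urgency wording appears in plenty of genuine administrative mail.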