Social engineering
Generally: manipulation of others with the primary goal to collect confidential information.
This confidential information can be almost anything: passwords, login-credentials, company security measures, pincodes, source-code etc.: anything that could be used to gain from it.
Some examples:
-You receive a message that there's something wrong with your bankaccount, in that message a phone-number is mentioned which you can call to clear things out. During the phone-call the employee of the "so-called client-service" asks for confidential information to confirm your identity, this information than can be used to compromise your account.
-Shoulder-surfing: a person who looks over your shoulder to memorize login-credentials.
-Someone contacting the Help Desk and pretending to be a faculty or staff member requesting an emergency password reset in order to gain access to the network.
-Searching in dumpsters for information.
-Etc. etc.
How to protect yourself:
-Be suspicious of unsolicited phone calls, visits or email messages from individuals asking about internal information.
-Do not provide personal information or information about your department or organization unless you are certain of a person's authority to have it.
-Do not reveal personal or financial information in an email or over the phone.
-Be aware of your surroundings especially when entering your password, pin number, etc.
-After receiving a new password, change it immediately.
-Do not store your passwords on paper or uncrypted computer file. If you can’t remember all your usernames and passwords, there are many free applications who will store them securely for you.
