SOCIAL ENGINEERING

What is Social Engineering?

It is a type of cyber attack that, by Ieveraging human psychology, identifies and
exploits people's vulnerabilities in order to steal their digital identity, obtain money
or confidential data (passwords, second authentication factor, bank account
information, etc.)..

Which mechanism does it exploit?

• The best known of the social engineering techniques is Phishing. This scam attempts to steal
personal data via email through the following mechanism: the sender pretends to be a known
organisation and contacts the user reporting urgent problems whose resolution requires entering
personal information.
• In addition to email, phishing can also exploit other tools such as SMS (smishing), voice calls
(vhishing) or instant messaging channels (WhatsApp, Twitter, Telegram).
• An advanced social engineering attack, for example, can make phone calls by having the number
of a banking institution appear on the victim's display. You should therefore always be wary of any
requests to share credentials or access codes, even if it comes from apparently reliable contacts.

What can I do?

• Stop and think before you act, especially if you feel pressured.
• Be sceptical of unusual requests and communications.
• If you are using non-work related applications (such as Whatsapp or personal email) it is advisable
to configure the verification options with multiple factors.
• Take care when clicking on links in emails, especially if they come from external senders and
request you to enter your credentials.
• Report suspicious activity to CERT.saipem@saipem.com.
• Do not hesitate to use the PhishAlarm button on the top right of your Outlook.

Remember:
• If you see something, say something!

|1