The document discusses various methods of social engineering such as phishing, baiting, and ransomware that aim to manipulate people into divulging private information. It provides examples of common social engineering scams like phishing emails and explains how to identify potential scams and protect personal information. The document also offers advice on what to do if a social engineering attempt was successful, such as immediately contacting IT security and changing passwords.

1. Social Engineering
Phishing, Baiting, Ransonware and more

2. What is Social Engineering?
• Social Engineering: the manipulation of people into
performing actions or divulging confidential information
• Phishing/Vishing
• Baiting
• Ransomware
• Malware

3. Phishing and Vishing
• Phishing: the attempt to acquire
personal information by masquerading
as a trustworthy identity in an
electronic communication
• Vishing: the criminal practice
of using social engineering
over the telephone
• Smishing: Text messages asking
for personal information
• These methods of social engineering
are used to gain personal information
such as passwords, usernames, and credit card information.

4. Baiting and Quid Pro Quo
• Baiting: the use of infected
• physical media (disks, flashdrives,
• CD-ROMs) to lure victims into
• inserting the infected equipment
• into their company computers
• thus giving the hacker access
• to private information.
• Quid Pro Quo (something for something): Hackers call
random numbers at a company claiming to be calling back
from technical support. Eventually someone will respond
because they had filed a complaint earlier and while the hacker
“helps” he/she will steal valuable information.

5. Spotting Phishing Scams
• The next slide is an example of a phishing scam from a
bank. Many Phishing scams have become more
sophisticated and may use businesses you’re associated
with to get your information. There are various ways to
identify an e-mail as a scam. These warning signs are
labeled in the picture and will be explained. It is
important to be aware of these methods in order to avoid
infecting TVA computers when checking your personal e-
mail.

6. Spotting a Phishing Scam

7. Spotting Phishing Scams
• A- Spoof e-mails may include a forged e-mail address in the “From” line. Some
may actually be real e-mail addresses that have been forged.
• B- Many spoof e-mails will begin with a general greeting such as “Dear
Washington Mutual Customer” instead of using your actual identification.
• C- Urgency is often implied claiming your account may have been accessed by an
unauthorized third party
• D- Many spoof e-mails will try to deceive you with the threat that you account is
in jeopardy and if you fail to verify or confirm your personal information your
account will be suspended.
• E- Keep in mind that while many emails may contain links to use to verify
information these links may be forged as well
• F- Requests that you enter sensitive personal information such as a user ID,
password, or bank account number by clicking on a link or completing a form
within the e-mail are clear indicators of a scam. TVA will NEVER ask for
personal information through e-mail.

8. More on Prevention
• Never trust e-mails or text messages
• from people you do not know
• Listen closely to phone calls.
• Does it sound legitimate? IT
• personnel will not need your
• password or other personal information
• in order to fix any of your issues.
• Protect your computer by constantly
• updating your antivirus protection
• Never insert any hardware not
• approved by TVA into the systems
• (flash drives, chargers, ect)
• Use unique passwords
• Change passwords frequently

9. Safe Internet Practice
• Many times phishing attempts may direct you to a fake
website for in order to gain information. Also, you may
encounter a fake website while using a search system like
Google. There are multiple ways to identify websites as
potentially fake or dangerous. An example picture is
provided on the next slide.

11. Fake Websites
• G – Legitimate websites maintain current certificates for
secure pages. To authenticate the sites secure web page follow
these steps:
• Look at the padlock in the lower right corner of your browser
• Look at the address window above, the letters https:// should
appear in front of the address of the forms screen.
• On the secure web page click on the file menu and go to
properties
• Click on the button at the bottom of the screen called certificates –
it should include the web address with which the security
certificate was issued and the validity dates

12. What if its too late?
• If you have accidently infected your hardware with a
virus or you feel your computer has been hacked while at
work contact there are multiple steps to take.’
• Contact IT cyber security immediately
• Run your virus protection to wipe out any viruses
• Change your password
• Call IT Cyber Security at: 423-555-5555