Is well known to all that you shouldn´t give sensitive information via phone, internet or any other media unless you can verify the authenticity of who they claim to be. If you have encountered a situation where someone is asking you about your information you might have been facing a social engineering and phishing attack. But what are this two all about?
Social Engineering Attack is when the attacker uses social skills to obtain sensitive information about an individual, organization or its computer systems. The attacker may pose as a respectable person and he/she may offer to show credential to validate its persona, by asking questions this people can put together enough information to infiltrate a company´s network and if they don´t get what they want the first time or from the first person they get in contact with, they will contact someone else from the same organization to get what they are looking for.
A Phishing Attack is a form of social engineering, this type of attack uses email or malicious sites to solicit personal information by posing as a credible organization; they may ask for credit card or financial information, often suggesting that there is a problem to get what they need from you like access to your accounts. Phishing attacks may also pose as charities and more.
To avoid attacks like this ones always be aware of unsolicited phone call, and verify the credential of the person on the line with the company they claim to be from. Never provide personal information including networks unless you are 100% certain of the authenticity of who´s asking. Do not reveal personal information via phone, email and else. Pay attention to the URL of a website; install and maintain anti-virus, firewalls and email filters up to date to reduce or prevent attacks.