social engineering at the university of delaware

A University of Delaware student is facing some serious charges for supposedly breaking into the school's computer system and changing her grades. Rather than using some sophisticated computer skills and software, the student is alleged to have called the University Help Desk three different times and asked to have passwords changed so that she could gain access to where the professors record grades. Normally, help desk staff won't do this over the telephone at the U of D. The third time, they supposedly allowed her to change a password again, and also called the police.

There are some good suggestions on this page on how to avoid this type of social engineering. I feel sorry for this student, and I wish that the help desk had not been so helpful to her. Another good, itemized list of ways to thwart social engineers.