It is frustrating to see how many scams attempt to “tempt” you to react or pay, or worse, steal your hard-earned dollars. Even my 90-year-old mother struggles with “social engineering.” As a society, we attempt to trust people first, but when it comes to the Internet or strangers, we need to be wise and know how to combat those who take advantage.
What is social engineering? Norton shares this definition, which is probably the clearest:
Social engineering in cybersecurity is the practice of manipulating someone into giving up sensitive information, usually through exploiting human error or taking advantage of trust in digital communications.
https://us.norton.com/blog/emerging-threats/what-is-social-engineering
Social engineering can happen via email, social media, text messages, and even through the post office. Scammers often pretend to be someone in authority, such as a government agency or your supervisor at work. Sometimes they send messages to make you think something has happened: they pretend to be a friend, child, young adult, or even a coworker who is in trouble, or they send an urgent text or email telling you your computer has been hacked or has a virus.
In some cases, the messages look legitimate, such as a page that looks like the login page for your bank or social media account. In other situations, it might sound too good to be true, but you think, what could it hurt? Unfortunately, it could be very detrimental.
So how can you stay aware and keep yourself and your loved ones safe?
Always be suspicious if something is “URGENT” or needs immediate attention.
- If it is an email or a text message, be suspicious. How urgent is it, really? Giving you limited time to decide, sometimes only minutes, is a favorite tactic of scammers.
- Don’t give access to your computer; companies will never contact you for access. Scammers will pretend to be from Microsoft or another ‘known’ company. They can lock your computer and steal your private information.
- Don’t open attachments from someone you don’t know, and if an attachment appears to come from someone you know, verify that they actually sent it before opening it.
- Call the organization’s official number (check your paper or online bill or check the official .gov website, for example).
PHISHING
In cyber crime, phishing occurs when a person posing as a legitimate organization contacts a target or targets by e-mail, phone, or text message to trick them into revealing sensitive information, such as personal identification, credit and banking card numbers, and passwords. Identities are stolen, and money is lost due to the information being used to access important accounts.
- If you need to check your account, go directly to the URL, and don’t click on a link in a text or email. If you hover over the link, your email will show the address (URL). Oftentimes, the links redirect to the scammers’ pages. Sometimes, the address is just a few letters off, enough to trick you.
- The same thing can happen with email addresses. Are you sure it came from a source you know? It isn’t hard to “pretend” to be someone you know or from your office. Check out the red flags list below.
- Read the fine print. I regularly receive mail from companies claiming to invoice for domain name renewals when they get you to pay hundreds for a questionable marketing page. See the Facebook example below.
- Be aware. Know your suppliers for your domain name, hosting, and other services. If you are a client, feel free to ask if you aren’t sure. We will be happy to help you out.
This KnowBe4 resource outlines 22 social engineering red flags commonly found in phishing emails. You can also print out this PDF to share.