With advances in anti-malware software and other cybersecurity controls, fraudsters are often on the lookout for easier targets.
Fraudsters will use social engineering as a first step in a larger plan to breach a system or network or to steal sensitive data. Social engineering is the practice of manipulating or tricking people into overlooking important security measures and giving up their confidential information.
Scammers manipulate people by exploiting their basic human instinct to be helpful, trusting, and curious and to respond to urgent requests. They use a variety of tactics to lure people into sharing sensitive information that can be used to commit financial fraud or identity theft.
Types of Social Engineering
• Phishing is a form of social engineering in which hackers use scam emails to trick the recipient into providing personal or financial information that can be used for fraudulent purposes. Phishing messages are disguised to look legitimate, as if from sources that are familiar to the recipient, and often contain urgent and sometimes provocative requests. As these emails appear authentic, unsuspecting recipients may reply to them, resulting in financial losses, identity theft, and other fraudulent activity. These messages often impersonate financial institutions, the government, or public health agencies.
• Spear phishing is a targeted attempt to steal sensitive information, such as account credentials or financial information, from a small group of individuals or a specific victim, for malicious reasons. This is achieved by acquiring personal details on a specific person, such as their friends, hometown, employer, locations they frequent, and recent online purchases. This information is often collected from poorly secured social media profiles. The attackers then disguise themselves as a trustworthy friend or entity to acquire sensitive information, typically through email or other online messaging.
• Vishing is the telephone equivalent of phishing. It’s the act of using the phone to scam people into surrendering sensitive information that will be used for identity theft. Often a fraudster will call you to try to trick you into revealing sensitive information like your password, threaten you about phony debts that you owe, or attempt to trick you into paying a fee or debt with gift cards.
• Smishing is another form of phishing in which scammers use texting or SMS messaging to try to obtain sensitive information from the recipient. Scammers will send you a text message with a link to claim a phony prize, update your password, or visit a malicious website for great deals or interesting information.
Phishing emails often contain common indicators that help reveal they’re potential scams. If an email includes any of the following warning signs, it’s likely a phishing scam:
- Comes from an unknown sender
- Solicits sensitive information
- Prompts you to select a link or open an attachment you weren’t expecting
- Appeals to your sense of urgency, fear, or desire
- Has spelling and grammar mistakes or uses an unprofessional tone
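The warning signs above can also be checked automatically when triaging reported mail. The following is an added example, not part of the original page: it parses a raw email and reports which of the first four signs are present (spelling and tone are left to the reader). The keyword lists, the known-sender set, and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed keyword lists for this example; they are not from the original page.
SENSITIVE = re.compile(r"\b(password|pin|card number|account number|security code)\b", re.I)
URGENCY = re.compile(r"\b(urgent|immediately|act now|final notice|suspended)\b", re.I)
LINK = re.compile(r"https?://\S+", re.I)

def warning_signs(raw_email, known_senders):
    """Return the warning signs found in one raw RFC 5322 message."""
    msg = message_from_string(raw_email)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    text = msg.get("Subject", "") + "\n"
    has_attachment = False
    for part in msg.walk():
        if part.get_filename():  # any part carrying a filename is an attachment
            has_attachment = True
        elif part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            text += payload.decode(part.get_content_charset() or "utf-8", "replace")
    signs = []
    if sender not in known_senders:
        signs.append("unknown sender")
    if SENSITIVE.search(text):
        signs.append("solicits sensitive information")
    if has_attachment or LINK.search(text):
        signs.append("link or attachment")
    if URGENCY.search(text):
        signs.append("urgency or fear")
    return signs

# Constructed sample messages (.example domains are reserved for documentation).
KNOWN = {"alerts@bank.example"}
SUSPICIOUS = (
    "From: Security Team <support@bank-verify.example>\n"
    "Subject: Urgent: your account is suspended\n"
    "Content-Type: text/plain; charset=utf-8\n\n"
    "Confirm your password immediately at http://bank-verify.example/login\n"
)
ROUTINE = (
    "From: alerts@bank.example\n"
    "Subject: Your monthly statement is ready\n"
    "Content-Type: text/plain; charset=utf-8\n\n"
    "Sign in to online banking the way you normally do to view it.\n"
)

if __name__ == "__main__":
    for name, raw in (("suspicious", SUSPICIOUS), ("routine", ROUTINE)):
        print(name, warning_signs(raw, KNOWN))
```

A message that trips several signs at once deserves more suspicion than one that trips a single sign, since legitimate mail from a new sender will also report "unknown sender".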
What should you do if you receive a suspicious email?
- Forward any suspected phishing emails to our team at firstname.lastname@example.org for further investigation and delete the email immediately. Do not send the email to anyone else as you could put them at risk.
- Set your email spam filters to high to help prevent attacks from even entering your mailbox in the first place.
- Install anti-virus software on all your personal devices to ensure you’ll remain protected if you’re targeted by an attack.