Social engineering manipulates people into sharing personal or confidential information. It's a favorite tactic of cybercriminals that accounts for 98% of cyber attacks.
Thieves may use a combination of tactics to get you to take action. This may include sending gift cards or money, giving away passwords to accounts, or granting remote access to your computer.
These criminals can be convincing. They are pros at applying pressure tactics for personal gain.
As a result, we may act against our better judgment. It can happen to any of us. The following information can prevent it from happening to you.
What does social engineering look like?
Social engineering can take several different forms. Some of the most popular include one or a combination of the following:
- Phishing is when a thief attempts to extract information via email. The email may include a malicious link to a fake website or an attachment that infects your computer.
- Vishing is a phishing attempt via a phone call that asks you to reveal information. Common examples are IRS and car warranty scams.
- Smishing is a phishing attempt via a text message. Ever receive a text from an unfamiliar number telling you you've won a contest? That's probably smashing.
- Spear phishing is a scam that targets specific individuals within an organization. For example, senior leaders identified through research.
- Baiting is a scam to lure victims with prizes and free offerings
Be on the lookout for red flags
Social engineering attacks take all shapes and sizes. They range from very obvious to incredibly convincing. They are designed to make you act against your better judgement.
So what can you do? Use our FUDGE model to help you distinguish suspicious messages from real ones.
Fear - The message is trying to scare you into giving information or taking action.
Urgency - The message warns you to take immediate action "or else".
Desire to Please - The message appears to come from someone you want to please, like a boss or executive. Gift card scams are notorious for using this tactic.
Greed - The message is saying you're the winner of something you want. If it seems too good to be true, it probably is.
Emotions - The message is playing with your emotions. Trust your gut. If you feel something is off, don't take action, click the link or open the attachment.
Social engineering tactics may also look like this:
- Presenting a problem that requires you to "verify" your information
- Asking you to contribute to a charitable fundraiser or other cause
- Receiving an email with a legitimate-seeming background from a bank or popular company
Tips to outsmart cybercriminals
Pause before reacting. You may feel flustered or pressured when reading an email with demands. Take a breath, step away and ask yourself, "Does this seem real?"
Do your research. Don't assume what you're told is true. If you receive an unsolicited email, be suspicious. Not sure if it's the real company? Type the legitimate site's URL in your browser to learn more.
Don't click on links in suspicious emails. You know when something doesn't feel right. When in doubt, delete the email.
Delete requests for financial information or passwords. Your bank will never ask you for this information. Anyone who does is immediately suspect.
Schedule automatic updates. Use anti-virus software and enable automatic system updates to improve device security.