Social engineering is an attempt to get you to hand over personal information, or access, by dressing a fraudulent request up as something that looks safe and harmless. Such attacks can be executed in a number of ways. There is the obvious method that most of us have heard of or seen, such as an email message offering something that's only "1 click away!" Other methods are more deceptive, involving seemingly innocent phone calls or a random USB drive left sitting in a parking lot.
The objective is the same in every case: get you to give up your information for the attacker's gain. There is no software you can run that protects you from the most deceitful social engineering, although an anti-virus or anti-spyware program may stop some of the more basic attacks, such as a malicious attachment. It's not all bad news, though: knowing what to look for goes a long way toward protecting your information. Let's dive into the different ways to keep you and your information safe.
When Scammers Go Phishing
What is phishing, and what does it have to do with social engineering? Phishing is an attempt to get information from you, or to compromise your computer, through a very convincing email message. The messages will generally seem urgent in nature. This is meant to catch you off guard and make you think you have to act now or face the consequences.
Some of the most convincing scams look like messages from someone important or higher up in your company. One might appear to come from your system administrator, telling you that your mailbox is full and you can no longer receive email. Others look like they come from your bank, notifying you of unauthorized access to your account. The message may even look like it comes from a social media site. The point is always the same: the message creates a sense of urgency and offers a simple solution – just "click here" to fix the issue.
How to spot the fake
So how do you tell a real message from a fake? First, don't jump to a conclusion. Examine what you can from the message without opening any links or attachments, and think it through. If there really was unauthorized activity on your account, banks provide protections for you, and the issue can be resolved by calling the number on the back of your card or your local branch office. In most cases that is exactly what a legitimate message will tell you to do; there is very little you as a customer could do from an online portal to resolve an issue like this.
Next, check who the message is actually coming from. Does the domain of the sender's email address match the organization the message claims to be from? Bank Of America, for example, would not send customer notices from a Gmail account. Most organizations send from their own formal domain: Facebook would use @facebook.com, not a lookalike with "facebook" tacked onto the front of some other domain. An email domain is a form of branding; the more a company uses it, the more recognition it gets, and it is not going to make an exception just for its support team. Two cautions here: the display name ("Bank Of America Security") is free text the sender chooses, so look at the actual address behind it; and even a matching address can be forged, which is why receiving mail systems check SPF, DKIM and DMARC to confirm the sending domain really sent the message.
The links themselves can give away the scam. The address a link actually goes to is in its target, not its visible text, so hover over it (or long-press on a phone) to see where it leads before clicking. If a message claims to come from LinkedIn but all the links point to some odd website you have never heard of, chances are the message is a scam. However, sometimes the link will not match the sender and the message is still legitimate. If the sender uses a third-party vendor to send marketing messages, the vendor will often replace the links with an address on its own systems that redirects you to the link the sender provided. As an example, we have been using Vertical Response for a number of years for email marketing. They replace all the links in our messages with an address on one of their systems, which records that you received the message and found something in it of interest, and then sends you on to one of our sites. These messages will ALWAYS carry a note at the bottom saying they were sent by Vertical Response on our behalf and that you have the right to unsubscribe at any time.
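The three checks above (does the sender's domain belong to the brand it claims, did the brand's domain actually sign the mail, and do the links go where their text says) can be automated for a saved message. The script below is an added example written for this post, not code from the post's author or from any vendor named here. The sample message is constructed for illustration, the brand domain passed to triage() is an assumption the caller supplies, and same_org() is a deliberately simple subdomain check with no public-suffix list. It uses only the Python standard library.

```python
"""Triage a suspicious email: sender domain vs. claimed brand, DKIM signing
domain vs. claimed brand, and visible link text vs. real link target.
Added example for this post; the sample message is constructed, and the
brand domain given to triage() is an assumption supplied by the caller."""
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample (not a real message): a fake "Bank Of America" alert
# sent from a Gmail address, DKIM-signed by gmail.com, with one link whose
# visible text and real target disagree.
SAMPLE_EML = """\
From: "Bank Of America Security" <boa.alerts.team@gmail.com>
To: customer@example.com
Subject: URGENT: unauthorized access detected on your account
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass header.d=gmail.com; dmarc=none
Content-Type: text/html; charset="utf-8"

<html><body>
<p>We detected unauthorized access. Verify now or your account will be locked.</p>
<p><a href="http://bankofamerica-secure-login.example.net/verify">https://www.bankofamerica.com/verify</a></p>
<p><a href="https://www.bankofamerica.com/privacy">Privacy policy</a></p>
</body></html>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def load(raw_eml):
    """Parse a raw RFC 5322 message into an EmailMessage."""
    return message_from_string(raw_eml, policy=policy.default)


def same_org(domain, brand_domain):
    """True if domain is brand_domain or a subdomain of it (mail.brand.com),
    but not a lookalike such as brand.com.evil.net or brand-com.net."""
    domain, brand_domain = domain.lower(), brand_domain.lower()
    return domain == brand_domain or domain.endswith("." + brand_domain)


def parse_sender(msg):
    """Return (display name, address, address domain) from the From header.
    The display name is free text chosen by the sender; only the domain counts."""
    name, addr = parseaddr(str(msg["From"]))
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    return name, addr, domain


def signing_domain(msg):
    """DKIM signing domain (header.d=) recorded by the receiving server in
    Authentication-Results, or "" if there is none."""
    match = re.search(r"header\.d=([\w.-]+)", msg.get("Authentication-Results", ""))
    return match.group(1).lower() if match else ""


def html_body(msg):
    """Decoded text of the HTML part, or "" if the message has none."""
    part = msg.get_body(preferencelist=("html",))
    return part.get_content() if part is not None else ""


def link_findings(html, brand_domain):
    """Red flags for links: visible URL text whose host differs from the real
    target, and targets outside the brand's domain."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        href_host = (urlparse(href).hostname or "").lower()
        text_host = (urlparse(text).hostname or "").lower() if "://" in text else ""
        if text_host and text_host != href_host:
            findings.append(f"link shows {text_host} but actually goes to {href_host}")
        if href_host and not same_org(href_host, brand_domain):
            findings.append(f"link goes to {href_host}, not {brand_domain} "
                            "(fine only if it is a known mailing vendor's tracking redirect)")
    return findings


def triage(raw_eml, brand_domain):
    """All red flags for a message that claims to come from brand_domain."""
    msg = load(raw_eml)
    flags = []
    name, addr, domain = parse_sender(msg)
    if not same_org(domain, brand_domain):
        flags.append(f'From shows "{name}" but the address is {addr} ({domain} is not {brand_domain})')
    signer = signing_domain(msg)
    if signer and not same_org(signer, brand_domain):
        flags.append(f"DKIM signed by {signer}, not {brand_domain}: spf/dkim 'pass' only proves "
                     f"the mail really came from {signer}")
    flags.extend(link_findings(html_body(msg), brand_domain))
    return flags


if __name__ == "__main__":
    for flag in triage(SAMPLE_EML, "bankofamerica.com"):
        print("RED FLAG:", flag)
```

Run it as-is and it reports four red flags for the sample: the Gmail sender address behind a bank display name, a DKIM signature from gmail.com rather than the bank, a link whose visible text says www.bankofamerica.com while its target is a lookalike host, and that same target being outside the bank's domain. The last check is the one that a legitimate mailing vendor's tracking redirect would also trip, which is why it is worded as something to look into rather than a verdict.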
What should I do next?
Now, what should you do when you get one of these messages? If someone on your team specializes in this area, notify them that a suspicious message was received. They may ask you to forward the message so they can analyze it. Others in your organization may have received the same message, and this person can verify whether it is legitimate and warn everyone else.
If the message came to a personal account, verify it with the source. DO NOT click any links in the message or call any phone number it provides. Open a new browser window, log in to your account the way you normally would, and check for yourself that everything looks normal. Find a contact number on the organization's website or from another independent source, such as the back of your card.
These are just a few of the ways scam messages can appear in your inbox. We want to hear from you: what types of scam messages have you received, and what did you do to avoid being scammed? Let us know in the comments below or chat with us on social.