The term “social engineering” refers to the art of manipulating users into performing certain actions online, or divulging confidential information. Social engineering tactics include:
It may sound silly, but the items above pose a real threat to users’ safety while browsing the Web. Learn more about what each social engineering method entails, and how to prevent it from happening to you.
Phishing fundamentals and examples
Amazingly enough, phishing scams cost Americans around 500 million dollars annually – that’s a lot of dough.
When “phishing”, scammers typically mine social networks or other online accounts for details that make their emails sound more believable. They use phrases like, “please verify your account information”, or “your account has been closed”, to create urgency and provoke a quick response from the user. Common phishing scams include:
- Mass-scale phishing: an attack where scammers cast a wide net of attacks that aren’t very specific to one user
- Spear phishing: an attack tailored to a specific user or group of users, often using personal details
- Seasonal phishing: targets victims during the holidays or other specific events, like advertising coupons at Christmastime or tax advice in April, and so on
Some quick and easy ways to identify a phishing scam include a misleading sender’s name (a display name that doesn’t match the actual sending address), an incorrect domain (or website address, such as a lookalike spelling of a company’s real domain), bad grammar or excessive spelling errors, strange links in an email (where the text you see doesn’t match the address the link actually goes to), and no contact info listed at the end of the email. Look out for any (or all) of these in a suspicious email to better avoid phishing scams.
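The sender, domain and link checks above can be mechanised. The following is an added example, not code from the original article: a small heuristic checker that parses a raw email, compares the display name against the real sending domain, looks for digit-for-letter lookalike domains, compares each link’s visible text with its actual destination, and searches the body for the pressure phrases quoted above. The two sample messages, every address, domain and link in them, and the phrase list are constructed for the demonstration; a real mail filter would use the public suffix list instead of the crude “last two labels” domain rule.

```python
import re
from email import policy
from email.parser import BytesParser
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample messages for this demonstration. The senders, domains,
# addresses and links are invented and do not describe any real campaign.
SAMPLE_EML = b"""\
From: "Example Bank <alerts@example-bank.com>" <mailer@examp1e-bank-verify.net>
To: customer@example.com
Subject: Action required
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Dear customer, your account has been closed. Please verify your
account information immediatly to restore acess:</p>
<p><a href="http://198.51.100.7/login">https://www.example-bank.com/secure</a></p>
</body></html>
"""

CLEAN_EML = b"""\
From: "Example Bank" <alerts@example-bank.com>
To: customer@example.com
Subject: Your monthly statement
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your monthly statement is ready.</p>
<p><a href="https://www.example-bank.com/statements">https://www.example-bank.com/statements</a></p>
</body></html>
"""

# Pressure wording taken from the article's examples (assumed list).
URGENCY_PHRASES = ("verify your account", "account has been closed",
                   "confirm your password", "act now")


class _LinkCollector(HTMLParser):
    """Collect (href, visible anchor text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registered_domain(host):
    """Crude registrable domain: the last two labels (demo only)."""
    parts = (host or "").lower().strip(".").split(".")
    return ".".join(parts[-2:])


def check_message(raw):
    """Return a list of phishing indicators found in a raw RFC 5322 message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []

    sender = msg["From"].addresses[0]
    sender_domain = sender.domain.lower()
    # 1. Misleading sender name: display name names a different domain
    #    than the address the mail actually comes from.
    for claimed in re.findall(r"[\w-]+(?:\.[\w-]+)*\.[a-z]{2,}", sender.display_name.lower()):
        if registered_domain(claimed) != registered_domain(sender_domain):
            findings.append(f"display name claims {claimed}, mail is from {sender_domain}")
    # 2. Incorrect domain: a digit dropped into a word ('1' for 'l', '0' for 'o').
    if re.search(r"[a-z][01][a-z]", sender_domain):
        findings.append(f"sender domain {sender_domain} mixes digits into letters (lookalike)")

    body = msg.get_body(preferencelist=("html", "plain"))
    content = body.get_content() if body is not None else ""
    # 3. Strange links: visible text names one site, href goes somewhere else.
    collector = _LinkCollector()
    collector.feed(content)
    for href, text in collector.links:
        real_host = urlparse(href).hostname or ""
        if re.fullmatch(r"\d{1,3}(?:\.\d{1,3}){3}", real_host):
            findings.append(f"link goes to a bare IP address: {href}")
        shown_host = urlparse(text if "://" in text else "//" + text).hostname or ""
        if "." in shown_host and registered_domain(shown_host) != registered_domain(real_host):
            findings.append(f"link text shows {shown_host} but points at {real_host}")
    # 4. Pressure wording, matched on whitespace-normalised plain text.
    plain = " ".join(re.sub(r"<[^>]+>", " ", content).lower().split())
    findings += [f"pressure phrase: {p!r}" for p in URGENCY_PHRASES if p in plain]
    return findings


if __name__ == "__main__":
    for finding in check_message(SAMPLE_EML):
        print("-", finding)
```

Run it on a saved `.eml` file by passing its bytes to `check_message`. The constructed sample trips all four checks; the clean statement email trips none, which is the behaviour to verify before trusting any heuristic like this, since each check on its own will also fire on some legitimate mail.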
Vishing (voice phishing) is another common fraud tactic, in which individuals are tricked into revealing financial or other personal information to unauthorized parties over the phone. Common vishing scams use phrases like, “I’ll need your card data”, or, “please confirm your account password”, to extract sensitive information from their victim; a legitimate bank will not ask for a password or full card details on a call it initiated.
Scammers can be very persuasive when seeking this information, using convincing tactics such as:
- Personal data: or, sensitive details sourced from your social media to make their call seem more legitimate
- Fear tactics: typically, some kind of threat or implication that your money or other personal belongings are in danger unless you act quickly
- Persuasive tactics: criminals might use persuasive offers to get you to act, but these are typically too good to be true
- Altered numbers: scammers often spoof their phone numbers and Caller ID to disguise the origin of the call, for example showing an area code local to the user, or the number of a real bank or agency, so the displayed number alone proves nothing
Smishing (SMS phishing) is when fraudsters send scammy text messages to con users into divulging personal information or tapping a malicious link. Smishing attempts can be identified if they make use of one, or all, of the following:
- Unsolicited messages/suspicious sender: take extra caution before clicking on links from someone not in your contacts; for example, Wells Fargo will never send you a message from “firstname.lastname@example.org”
- Incomplete account numbers: scammers may use the last four digits of your debit or credit card (or account number) to try and pressure you into a response
- Spoof websites: some texts may attempt to direct you to links that spoof (or impersonate) a legit website, infecting your phone with malware or stealing your information
- Non-cell numbers: texts that arrive from an email address rather than a phone number are most likely scammers masking their identities by sending messages through an email-to-SMS gateway; be especially wary of text messages from unknown email accounts
Social engineering – in review
Overall, it can be tricky to spot social engineering attempts. Be aware of the tactics mentioned above, and refer to this helpful graphic when you aren’t sure what to look for.