What is Social Engineering?
Social Engineering is the art of tricking or manipulating people into disclosing confidential information or taking unauthorized action. The information social engineers seek ranges from passwords to bank information. Social engineers exploit people’s natural inclination to help or to trust. They might, for example, call you with an urgent problem that requires immediate attention or help, and the help you give ends up disclosing valuable information or taking unauthorized action.
What are examples of Social Engineering Techniques?
- A “charitable organization” calls or emails asking you to donate to their fundraiser. The email or caller will outline how to send money to the “organization”.
- Your “friend” is stuck in city x, has been robbed, shot and is in the hospital. The email sender or caller needs you to send money so that your friend can get home. The email or caller will outline how to send money to your “friend”.
- You get an email or call that notifies you that you are a “winner”—either that you won the lottery, are the millionth person to click on their site, etc. The message will say that you need to provide your personal information to claim your winnings.
- In SMS scams, users are tricked into sending load credits through false claims, such as claiming prizes and discounts. An example message can be: “You have just been selected to receive 50% off your next cellphone bill. Please forward this PIN xxxx to xxxxxxxxxxx to confirm your interest.” By sending the provided PIN to the provided number, you have just sent load to someone else’s account.
How do I protect myself against Social Engineering scams?
- Never give information to individuals unless you are entirely sure who you are talking to.
- Be cautious of unsolicited messages. If an email or SMS you receive is from a company you don’t know, research the company’s legitimacy.
- Reject all email and SMS requests for help from unknown or unfamiliar senders.
- Delete all requests for financial information or passwords. If an email requires you to reply with personal information, it is most likely a scam.
- Set your email spam filters to high.
- Install an anti-virus program to protect your computer from virus attacks and malicious programs. Ensure that the anti-virus program is updated and runs at all times. Keep your computer’s operating system and web browser updated with the latest security patches.