Social engineering is a fancy name for an old problem. Any scheme that uses deception to manipulate people into providing personal information, or into carrying out a fraudulent transaction, is social engineering.
In the old days, it involved low-tech verbal methods such as phone calls and in-person conversations. Today, the means of social engineering have expanded to include imposter websites, text messages, email, and even voice simulation software, giving rise to the term "phishing."
Being able to recognize the red flags of social engineering can help interrupt a scheme before any harm is done.
The trouble with email
Email is a widely accepted means of communication. The strengths of email are also what make it especially vulnerable. Because of its pervasive use, email is the most commonly used tool for phishing schemes.
We've all heard the story about a Nigerian prince who needs help to unlock millions of dollars. However, email phishing has become increasingly sophisticated and takes many forms, tricking people into inadvertently revealing sensitive information to imposters.
Most commonly, hackers attempt to:
- Gain control of legitimate email accounts. They convince individuals to reveal their login credentials or to click links that download malware onto their computers.
- Create fake email accounts resembling legitimate ones. They use social media or an organization's website to research relationships and to identify acquaintances or colleagues who likely work together. They create bogus email accounts that display the proper names of these individuals but use addresses that closely resemble, yet do not match, the actual email addresses.
What to look for
To help protect yourself from cybercriminals, look for signs that suggest a sender's email may have been hacked. For example, someone posing as a friend or colleague may send an uncharacteristically aggressive email demanding speedy service, or speak in a threatening manner. Call the person at a trusted phone number to verify the identity of the sender. While it involves an extra step, the effort could prevent a potential problem.
To spot dishonest emails, ask yourself:
- Does the sender's email address match the address you have on file? Hackers sometimes only change one letter of an address, so look closely!
- Does the message contain misspellings, odd phrases, or other clues that the writer might not be the person you expect? Watch for clues that may reveal you're communicating with someone unfamiliar with the matter you're discussing. They might get places wrong, misname a colleague, or describe your office functions in an unusual way.
- Are there unfamiliar links in the message? Never click a link unless you're certain it's safe. Before you click, hover your cursor over the link to scrutinize the embedded address.
- Does the context make sense? If you're asked to do something you would not expect the sender to request, it could be a red flag.
- Are you being rushed? Fraudsters often fabricate a sense of urgency to knock you off balance. Don't lose your cool. Take a deep breath, continue to ask questions, and allow yourself time to think things through.
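The first check in the list, comparing the sender's address with the one on file, can be automated for people you already correspond with. The following Python code is an added example, not part of the original article; the contact names and addresses are constructed, and the function names are hypothetical.

```python
from email.utils import parseaddr

# Constructed address book (hypothetical contacts): display name -> address on file.
KNOWN_CONTACTS = {
    "Dana Whitfield": "dana.whitfield@advisors.example",
    "Marcus Lee": "marcus.lee@advisors.example",
}

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header, contacts=KNOWN_CONTACTS, max_distance=2):
    """Classify a From: header as match, name-spoof, lookalike or unknown."""
    name, addr = parseaddr(from_header)
    name, addr = name.strip().lower(), addr.strip().lower()
    on_file = {a.lower(): n for n, a in contacts.items()}
    if addr in on_file:
        return ("match", on_file[addr], 0)
    # A known contact's display name on an address that is not the one on file.
    for known_name, known_addr in contacts.items():
        if name == known_name.lower():
            return ("name-spoof", known_name, edit_distance(addr, known_addr.lower()))
    # Unknown name, but the address is within a few characters of one on file.
    for known_addr, known_name in on_file.items():
        d = edit_distance(addr, known_addr)
        if d <= max_distance:
            return ("lookalike", known_name, d)
    return ("unknown", None, None)

if __name__ == "__main__":
    # Constructed sample headers.
    for header in [
        "Dana Whitfield <dana.whitfield@advisors.example>",
        "Dana Whitfield <dana.whitfie1d@advisors.example>",
        "Accounts Payable <marcus.lee@advisers.example>",
        "Newsletter <news@updates.example>",
    ]:
        print(check_sender(header), header)
```

A "match" only means the address is the one on file. A message sent from a hijacked legitimate account passes this check, which is why the other questions in the list and the phone call to a trusted number still apply.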
Protecting yourself from hackers
Technology systems can detect and deflect many threats before a security breach occurs, but many hackers know how to get around these barriers. Social engineering schemes ultimately rely on the manipulation of people's behavior. Educating yourself through cybersecurity training is a great way to protect yourself and those close to you. Regular training can help you recognize the signals of social engineering, navigate complex situations, and make safe decisions.