Be Aware of Social Engineering Scams
Don't be a victim of con artists trying to gain your trust.
Social engineering is a type of computer scam where criminals contact you directly in an attempt to gain your trust and trick you into giving up passwords, bank information or access to your computer. Criminals use social engineering because, in many cases, it’s easier than hacking a password.
Common social engineering attacks
There are thousands of variations of social engineering attacks. Here are some of the more common ones.
Links or downloads from a “friend” – You receive an unexpected link or attachment from a friend. Once you select it, your computer becomes infected with malware that allows a criminal to take over your machine and collect email contacts or other sensitive information.
A compelling story – You receive an email request to help a friend in another country who has been robbed, beaten, put in jail or hospitalized, and is in need of money to get home. Any money you send goes to the criminal.
Discovery of a “problem” – You’re told you have a problem with an account and are asked to verify information by clicking a link and providing confidential information. The link will look legitimate and have all the right logos and content. Because everything looks legitimate, you trust the email and provide the information.
Charity request – You receive a phony request seeking funds for a recent disaster or popular charity.
Baiting – On a peer-to-peer or social networking site, you click a link to download a new movie, book or music. Your computer is then exposed to malware.
Slow down – Social engineering thieves want you to act fast and think later. If a message conveys urgency or uses high-pressure sales tactics, be skeptical.
Be suspicious – If an email looks like it’s from a company you use, key in the real company’s Web address (don’t use the link) to verify.
Delete requests for personal information or passwords – If you’re asked for personal or financial information, delete the request.
Be wary of foreign offers – If you receive email from a foreign lottery or sweepstakes, or a notice of money from an unknown relative, it’s probably a scam.
Use social networking cautiously – The more personal information you post, the more likely someone could impersonate you and trick you or your friends into sharing confidential data, downloading malware or providing access to restricted sites.
Use caution with technology
- Install anti-virus, anti-phishing and anti-spyware software, firewalls and email filters, and keep them up to date.
- Scan all electronic media (flash drives, CDs, etc.) for viruses or malware before use.
- Change passwords periodically, and do not use the same password for more than one system or service.
- Avoid accessing personal accounts from public computers or through public Wi-Fi hotspots; they may not be secure.
- Monitor your bank statements, balances and credit reports for suspicious activity.
- Do not provide information about yourself that could allow others to answer your security questions when using the “I forgot my password” feature.