Introduction
Remember the story of Little Red Riding Hood? In this famous tale, a wolf poses as Little Red in order to con the grandma and gain access to her home. The wolf devours the grandma and then disguises himself as the grandma before Little Red Riding Hood arrives. Once there, the devious wolf devours Little Red. Though there are various morals of that story, one takeaway is that you should beware of people who aren’t who they claim to be. Sometimes people are actually on a mission to trick you into giving out sensitive information or money. Read on to learn more about social engineering and for tips to avoid being a victim.
What is Social Engineering?
Social engineering is when someone tries to steal or compromise information from a person or an organization by claiming to be someone they aren’t. They might pretend to be a new employee, a repair person, a love interest, or someone who works for the government. This person may offer stories or credentials to support that identity. By gaining your trust, he or she may be able to convince you to hand over sensitive information, buy gift cards, or turn over access to your computer.
Examples of Social Engineering
Regardless of how they contact you, common impersonations include:
- Someone pretending to be from your credit card company, a favorite retailer, the government, or your bank
- A romantic interest looking for a relationship
- A charity that pops out of nowhere to help with natural disasters or economic concerns
- An employee who is new to your company
- A representative from a vendor that is working with your company
How to Spot Social Engineering Scams
Sadly, these types of scams are harder to identify with all the technology available to us today, but the Federal Trade Commission offers some clues to look for in written messages:
- Phishing emails and text messages may look like they’re from a company you know or trust. The criminal may attempt to replicate an actual business’s email address by changing a few characters (e.g., John.Smith@tagret.com instead of John.Smith@target.com). Look carefully and you just might notice it’s not who you think!
- The message tells a story to trick you into clicking on a link or opening an attachment. The message might say they’ve noticed some suspicious activity, claim there is a problem with your account, or ask you to confirm personal information.
- The message has a generic greeting, such as “Dear Valued Customer” or “Sir/Ma’am” along with missing contact information in the signature line. A reputable company will typically use your name and also conclude with their contact information.
Practice the Three Nevers of Social Engineering
- Never wire money, buy gift cards, or give money in any form to a company or person you recently met! Sadly, romance scams rank number one in terms of total reported losses, according to an article on the FTC website. In these scams, the new love interest paints a very sad story to justify the request. Other popular scams are related to charities and disasters, such as those related to the novel Coronavirus. Finally, don’t respond to calls, texts, or emails about money from the government; anyone who tells you they can get you the money now is a scammer.
- Never grant anyone access to your computer or accounts by giving out login information such as a user name, password, or challenge questions. If they called you, chances are it’s not a legitimate request. An article on the FTC website offers even more great tips to avoid scams from tech support calls.
- Never act quickly – take time to research and investigate whether or not the offer or issue is real. Slow down, hang up, and fact-check before replying. Check trusted sources such as federal, state, and local government websites. Always call the company’s main number directly to verify as well. Be careful when looking up that number, and ensure it’s authentic.