Don’t be victimized: “Social Engineering” scams

Don’t be victimized:

“Social Engineering” scams

One of the most effective and dangerous techniques criminals use to commit their crimes is called social engineering, and it’s vitally important that you learn how to recognize this serious threat.

Social engineering uses social interaction as the primary means to trick or persuade you to disclose confidential information that can then be used against you.

Social Engineering scams can happen:

In person
Over the phone
Phishing email scams

The main goal of social engineering is to trick you into providing the criminals with valuable information that can later be used to steal data and obtain funds illegally.

Cyber-criminals are excellent students of human behavior and will spend significant time studying the predictable behavior of their victims. The purpose of their study is simple – to create attack strategies and scenarios that will take full advantage of your predictable behavior, and use your mistakes to steal your information.

Some of the techniques that hackers may utilize to victimize you:

Researching your social media and online accounts. Looking at your postings on social media or other Internet postings. This could give them background data that can later be used to trick you into providing information. This could also include looking at your friends and family members postings to gain intelligence information that can be used to lure you into their scam.
Ruse phone calls to gain initial information. Exploiting your willingness to be helpful and openly provide sensitive information.
Phishing email messages posing as friends, family or co-workers.
Emails or calls posing as a company you do business with.

These are just some of the warning signs that a hacker may be trying to socially engineer you:

Any request for personally identifiable information – PII

(PII is defined as “any information about an individual maintained by an agency, including (1) any information that can be used to distinguish or trace an individual’s identity, such as name, social security number, date and place of birth, mother’s maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information.”)¹

Creation of a sense of urgency or emergency to force your fast action without time to react appropriately.
Excessive flattery or attempts at persuasion through flattery.
Threats: “if you don’t do it, you’ll get in trouble or there will be ramifications.”
Refusal to give a call back number or unwillingness to provide normal contact information.

Because most social engineering attacks are attempts to gain information that an attacker can’t easily get elsewhere, the mere fact that a stranger asks for the information should be a clear warning. Recognizing the possible signs that a criminal is attempting to socially engineer you is now important every day.

Final Thoughts:

Never give any confidential information to someone you don’t know, and especially never to a telephone caller.
Take your time and verify all contacts independently requesting your sensitive PII data.
Limit the information you share on social media sites.

Security awareness training will reduce risk! We must think about our security every day. Don’t wait until you or your family have been victimized to do something to protect yourself. It is so important to understand the day to day risk and help to ensure that your data is protected. Cybercriminals depend on your lack of vigilance to strike when you least expect it.

Want to Learn More?

If you want to protect your employees and your business from being victimized by social engineering scams, contact CIFSA today at (561) 325-6050 to learn how we can help.

Founded by former Secret Service Agent and Deputy Director of the National Cyber Security Division of the Department of Homeland Security Michael Levin, The Center for Information Security Awareness(CFISA) is designed to help businesses, government agencies, and academic institutions empower their employees to fight cybercrimes. We provide personalized, engaging, compliant, and affordable training in PCI-DSS, HIPAA, InfraGard Awareness, and Cyber Security Awareness.

Remember, no matter how big or small your company is, and how well the back doors to your system are barricaded, one employee click on the wrong link, attachment, or website could open the front door. CIFSA trains your employees on the best practices to avoid potentially catastrophic data breaches. Call us today at (561) 325-6050 to learn how we can help.

¹^{https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-122.pdf}

Michael Levin