Security Awareness Training Alert: Social Engineering Scams

Social Engineering Scams

One of the most effective and dangerous techniques criminals use to commit their crimes is called social engineering and it’s vitally important that you learn how to recognize this serious threat.

Social engineering uses social interaction as the primary means to trick or persuade you to disclose confidential information that can then be used against you.

Social Engineering scams can happen:

1. In person
2. Over the phone
3. Phishing email scams

The main goal of social engineering is to trick you into providing the criminals with valuable information that can later be used to steal data and obtain funds illegally.

Cyber-criminals are excellent students of human behavior and will spend significant time studying the predictable behavior of their victims.  The purpose of their study is simple – to create attack strategies and scenarios that will take full advantage of your predictable behavior, and use your mistakes to steal your information. 

Some of the techniques utilized to victimize you:

• Researching your social media and online accounts. Looking at your postings on social media or other Internet postings. This could give them background data that can later be used to trick you into providing information. This could also include looking at your friends and family members postings to gain intelligence information that can be used to lure you into their scam.
• Ruse phone calls to gain initial information. Exploiting your willingness to be helpful and openly provide sensitive information.
• Phishing email messages posing as friends, family or co-workers.
• Emails or calls posing as a company you do business with.

These are just some of the warning signs that a hacker may be trying to socially engineer you:

• Any request for personally identifiable information – PII

(PII is defined  as “any information about an individual maintained by an agency, including (1) any information that can be used to distinguish or trace an individual’s identity, such as name, social security number, date and place of birth, mother’s maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information.”)¹ 

• Creation of a sense of urgency or emergency to force your fast action without time to react appropriately.

• Excessive flattery or attempts at persuasion through flattery.

• Threats: “if you don’t do it, you’ll get in trouble or there will be ramifications.”

• Refusal to give a call back number or unwillingness to provide normal contact information.

Because most social engineering attacks are attempts to gain information that an attacker can’t easily get elsewhere, the mere fact that a stranger asks for the information should be a clear warning. Recognizing the possible signs that a criminal is attempting to socially engineer you is now important every day.

Final Thoughts:

• Never give any confidential information to someone you don’t know, and especially never to a telephone caller.

• Take your time and verify all contacts independently requesting your sensitive PII data.

• Limit the information you share on social media sites.

We must think about our security every day. Don’t wait until you, your business or your family have been victimized to do something to protect yourself. It is so important to understand the day to day risk and help to ensure that your data is protected. Cybercriminals depend on your lack of vigilance to strike when you least expect it.

The value of security awareness training and the Center for Information Security Awareness – CFISA.com

The Center for Information Security Awareness – CFISA, was founded to help educate employees on ways to protect themselves against cybercrime. In our training, we always stress that as citizens we need to protect ourselves, our community and the Nation from growing cyber security threats.

We all have a role in protecting our personal data, business data and the critical infrastructure and security awareness training can help to reduce risk. Being aware of new crimes and scams in the news is a fundamental part of the training.

Sharing new scams and crimes you hear about in the news with others, is important to ensure that the people you care about do not fall victim to these types of crimes.

Contact CFISA and we will help you with a training option to fit your budget! 

Copyright © 2018 – CFISA

 

^{1   https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-122.pdf}