Cyber Security – Social Engineering

Saturday, June 1st, 2019

New Terms, New Tactics, More Manipulative and Nothing “Socially Accepted” about these SCAMS…!

Social engineering, in the context of cyber security, refers to psychological manipulation of people into performing actions or divulging confidential information. This differs from social engineering within the social sciences, which does not concern the divulging of confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional “con” in that it is often one of many steps in a more complex fraud scheme.

It has also been defined as “any act that influences a person to take an action that may or may not be in their best interests.”

Social Engineering Scams

Below you will find some of the common techniques (commonly called social engineering) that cyber criminals use to trick people into revealing personal information, ways to recognize these potential scams, and steps to take if you become a victim of one.

Phishing

Phishing is a form of fraud that uses both social engineering and subterfuge, and aims to steal personal identity data, financial account credentials or any other valuable data.

Phishing arrives in the form of a letter or email that directs you to click a fraudulent link or provide personal information. Fraudulent Web sites used in phishing scams are commonly disguised as widely known businesses or financial institutions.

Potential phishing scam indicators:

  • Generic greetings such as “Dear Valued Bank Customer”
  • Masked links which make fraudulent Web site links appear legitimate
  • Requests for personal information
  • Urgent requests and limited-time offers
  • Misspellings
  • Unusual text in a foreign language and/or characters
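
An added example (not part of the original article): a small Python checker that tests an HTML email body for four of the indicators above, namely generic greetings, masked links, requests for personal information and urgency. The phrase lists, the function names and the sample message are assumptions made for illustration; misspellings and foreign-language text are not covered.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse
# Phrase lists are illustrative assumptions, not taken from the article.
GENERIC_GREETING = re.compile(r"\bdear\s+(valued\s+)?(\w+\s+)?(customer|member|user)\b", re.I)
PERSONAL_INFO = re.compile(r"\b(password|pin|social security|account number|security code)\b", re.I)
URGENCY = re.compile(r"\b(urgent|immediately|within \d+ hours?|limited[- ]time)\b", re.I)
DOMAIN = re.compile(r"\b(?:www\.)?((?:[a-z0-9-]+\.)+[a-z]{2,})\b")

class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs and the plain text of an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self.text, self._href, self._label = [], [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._label = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._label.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._label).strip()))
            self._href = None

def masked_links(links):
    """Links whose visible text names a domain that the href does not point to."""
    hits = []
    for href, label in links:
        shown = DOMAIN.search(label.lower())
        host = re.sub(r"^www\.", "", urlparse(href).hostname or "")
        if shown and host != shown[1] and not host.endswith("." + shown[1]):
            hits.append((label, host))
    return hits

def phishing_indicators(html_body):
    """Check an HTML email body against four of the indicators listed above."""
    parser = LinkCollector()
    parser.feed(html_body)
    text = " ".join(" ".join(parser.text).split())
    return {"generic_greeting": bool(GENERIC_GREETING.search(text)),
            "requests_personal_info": bool(PERSONAL_INFO.search(text)),
            "urgency": bool(URGENCY.search(text)),
            "masked_links": masked_links(parser.links)}

# Constructed sample message; all domains are reserved example names.
SAMPLE = ('<p>Dear Valued Bank Customer,</p><p>Urgent: confirm your password at '
          '<a href="http://login.example.net/verify">www.example.com/secure</a></p>')
```

Calling `phishing_indicators(SAMPLE)` reports all three text indicators and one masked link, because the link text shows example.com while the link itself points to login.example.net.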

Vishing

Vishing is the telephone version of phishing, or a voice scam, designed to trick victims into sharing personal information, such as personal identification numbers (PIN), social security numbers, credit card security codes, passwords and other personal data.

Vishing is performed over the telephone or voice mail: fraudsters pretend to be associated with a financial institution or well-known business and leave an “urgent” voice mail message. This message will request that you call another number to provide your account or personal information. Criminals using vishing scams prefer to leave a voice mail message rather than talk directly to you.

If you answer a vishing call:

  • Do not give the caller any information
  • Ask for their name and the name of the organization they are representing
  • Tell them you’ll call them back and hang up. Do not use the number they provided
  • Look up the phone number for the organization they identified and call that number
  • Explain to their representative why you are calling

SMiShing

Smishing is a form of phishing where a smisher sends malicious text and social media messages to obtain valuable information.

Smishing is sent through a mobile device, usually in the form of a mass text message. This type of message may look as if it’s from your financial institution or another business that would have customer account information. It will usually state that your account has been temporarily locked, then direct you to call a telephone number or visit a Web site to unlock the account with your personal information.

If you get a suspicious message, don’t fall for it:

  • Do not call the number provided in the text.
  • Call your bank using a phone number that you trust – from your statement or from the bank’s website, for example.
  • If you get a message about some “service” you’ve been signed up for and will have to cancel, search the web for other reports of the message.

We can’t all be recluses, shielded from the hazards of “social engineering”, but we can be more aware of the scams and protect our personal information by being diligent and reminding ourselves that “if it sounds too good to be true”, it may very well be. We should be in control of our own information dissemination.