The Seriousness and Widespread Use of Social Engineering - Don't be a Victim
Updated: Dec 22, 2019
You may not recognize it, but you are regularly being subjected to social engineering attacks. You need to understand how these work and how not to be fooled into losing large amounts of money or being the victim of identity theft.
Be Suspicious Online! - Stop! Think! Act Appropriately!
Many cybersecurity hacking incidents depend on your cooperation! These tricks can come in many ways, such as through an email, phone call, text, a pop-up on a web-browser, etc. Often you will be asked to “click” on a message or open an attachment. VIEW THIS WITH SUSPICION! See some examples below:
Get the Official Update
1) For example, let’s say you browse to a website and you get the message, “You are running an outdated version of Adobe Flash. Click here to update to the latest version.” Don’t do it!! It is most likely a scam that will install malware on your computer. Instead close out of that browser window, go to a search engine (like Google) and search for “Adobe Flash update”. Go to the official website to get your update.
This trick can be played out in 100 ways. For instance, the website may say that you don’t have a correct video driver installed, or need an update font package, or just say “there was an error loading this page, click here to refresh”. These trick messages have gotten very sophisticated! Just close out of the browser, do NOT click that message!!
2) As another example, suppose you get an email with an attachment from a friend. You weren’t expecting them to send you something. (First of all, you should be very suspicious and confirm they meant to send you an attachment!) But you trust them, so you click on the attachment. The attachment says that it had trouble loading (or an error message pops up) and asks you to click here to reload, or download an update, etc. DON’T!! Just close the document or reboot your computer! Ask your friend if they meant to send that and talk about whether it was a legitimate message.
Overly Helpful Tech Support
3) A very common attack scenario is as follows: you browse to a website and you get a pop-up message that says you have a virus. The website lists a number to call to reach Microsoft support to get help cleaning the virus. Don't believe it and don't call that number!! If you call, you will be talking to a scam artist that will remote into your computer, steal all your passwords, install malware, and possibly take you for hundreds of dollars.
Last month I had a friend fall for this trickery and lost $600 and almost lost access to all the business data on her computer; fortunately, after many hours of work, we were able to get back her data without paying them even more. She was contacted by “Microsoft” who said they saw suspicious activity on her computer and that she had a virus; they offered to get on her computer to clean the virus. She did not STOP! THINK! Or ACT appropriately! She was caught up in the concern of the moment, so let them on her computer (to lock her out of it) and even paid them via “Amazon” gift cards.
4) Here is another common social engineering attack vector (which actually happened to me a few minutes ago, only I didn’t fall for it). Suppose you get a phone call that tells you, “There has been suspicious activity on your iCloud account. Your account has been compromised. Please contact iCloud support before you try to access your account again. Press 1 to contact support.” Just hang up!! If you think that might be true, go to the website or call the published number for account support (in this case Apple).
Here are some things to remember:
1. Never open unsolicited attachments to emails!! STOP immediately if an emailed attachment asks for your username and password; this is a credential-stealing attack!
2. Understand Phishing and don't fall for it; e.g. your bank will NEVER ask for your password!
3. Do not click on website links (URLs) in emails! Unless you have initiated that email being sent to you (by asking for a password reset, etc.), and even then, be suspicious. You are better off going to a trusted website and logging in via your normal method.
4. Don't believe a website pop-up that tells you that you have a virus and urges to you "click here" to scan/clean. Use your already-installed, trusted antivirus program.
5. Do not respond to emails of business requests for money transfers (or from friends caught overseas with no money) without independently verifying the sender and the request.
Your computer security does not need to be perfect, but you do need to be harder to attack than your neighbors. :-) But, why not instead help to educate your neighbors before they are scammed?!