Stop Social Engineering Scams! How To Safeguard Your Personal Information Online
With modern technology, we are more interconnected than ever before. While this offers immense opportunities for nearly instantaneous communication all over the world, it can also leave us open to social engineering scams.
These scams come in a variety of shapes and sizes, but their primary goal is to manipulate people into giving away personal information that can be used for fraudulent purposes, whether that’s identity theft or system access. Internet users of all ages should be aware of social engineering as scammers continue to become more sophisticated—and harder to spot!
You’ve probably already encountered one of these attempts. Maybe an email claimed you won a large sum of money, but you need to send in a small “processing fee.” Or a phone call that looks like it’s from an official number tells you there’s a problem with your account. These are both examples of social engineering.
Understanding How Social Engineering Works
Unlike traditional hacking that takes advantage of security vulnerabilities, social engineering exploits human nature and emotions. By preying on fear, excitement, or urgency, scammers can trick you into giving up personal data.
Take that email, for example. The natural first response when someone says, “You’ve won!” is excitement. A calmer, second reaction would be to wonder, “Did I sign up for any contests?” Scammers are relying on that first burst of emotion to override your caution, which is the entire point of social engineering.
The Many Faces of Manipulation
Social engineering scams come in many forms, but they are all designed with one purpose in mind: to manipulate victims into actions that are against their best interests. Here are some of the most common tactics to watch out for.
Phishing Scams
Usually arriving in the form of emails, phishing communications may look like they come from legitimate sources, even using real (albeit stolen) logos and possibly even your real name. They’ll request sensitive information or direct you to fake websites that capture your data. They may also come with attachments that, when opened, download malware to your device.
Smishing Scams
Smishing is short for “SMS phishing,” and uses similar tactics. These text messages usually give you a link to click or a phone number to call to “fix” a problem or claim a prize. The link may take you to a fake website or download malware, and the phone number is a direct line to a scammer who’s out for your information.
Vishing / Voice Phishing
With vishing scams, you’ll get a call either from a recorded phone system or possibly a real person. The phone number may even look like it’s coming from someone you trust, like your financial institution or your local utilities. With the recent advances in AI, it’s even become possible for scammers to use recordings of a family member or friend (often from social media) to trick you into thinking they’re in trouble and need money.
Pretext Calls
Often part of voice phishing, a scammer on a pretext call might pose as a technician, asking for access to your financial or personal information in order to “fix” a problem.
Imposter Scams
In an imposter scam, the caller takes advantage of your trust in a person or entity, like a known charity, to solicit funds or information. These often become more frequent in the wake of a natural disaster or other event when people want to help out.
Baiting Attacks
This sort of scam takes advantage of your curiosity, using something as “bait” to lure you in. For example, if you find a USB drive on the ground, you might be tempted to plug it into your computer to see if you can discover who it belongs to or if there’s anything important on it. There likely is something on it—malware that will infect your computer.
Quid Pro Quo
Like the Latin phrase it comes from, “quid pro quo” scams operate on the principle that you have to give something to get something. For example, if you give a tech support representative remote access to your computer, you’ll get your computer fixed. And while this works in theory, you’ll want to be very sure who you’ve just given access to on the other end of the line.
Employment scams are another example of quid pro quo. In order to apply for a job, you’re asked for important personal financial information like your Social Security number or bank account numbers. Legitimate jobs won’t ask for this information at the application stage.
Protecting Yourself from Social Engineering
While the sheer number of scams can feel overwhelming, there are some basic steps you can take to protect yourself and your personal information. In general, a little awareness and skepticism can go a long way toward keeping you safe. Here are some proactive strategies to defend yourself against social engineering scams.
Be cautious!
Never give out personal information to anyone you don't know and trust, regardless of how urgent or important they sound. Be especially wary if it’s an unsolicited phone call. Hang up, then call them back at a number you know is legitimate.
Verify, Verify, Verify!
If you receive a call, email, or text message claiming to be from a legitimate source, don't respond directly. Instead, type in the company’s website by hand to log in to your account or look up the company's phone number and contact them directly.
Think before you click!
Don't click on links or attachments in emails or text messages unless you’re absolutely sure who sent them. For emails, you can click on the “From” field to see the source email address. A long string of nonsense letters or an otherwise questionable address is a dead giveaway. Report the email or text as junk and delete it immediately.
Be mindful of what you share online.
Review your privacy settings on social media and limit the amount of personal information you share publicly. Scammers spend a great deal of time browsing social media and collecting information about you that they can use to try to trick you.
Educate yourself and your family!
Empower your family—especially your teens and pre-teens—with knowledge. Talk to them about social engineering scams and how to stay safe online.
Keep your software and devices updated.
Many updates include security patches that can help protect you from malware and other threats. Turn on automatic updates to help ensure your devices are up to date.
Report suspicious activity!
If you do encounter a scam, report it to the Federal Trade Commission (FTC) at https://reportfraud.ftc.gov/. The more information they have, the better able they are to prosecute scammers and put them out of business for good.
Further Support and Resources
Recognizing and protecting against social engineering scams is an ongoing effort. By staying informed about the latest fraud tactics, you can be on guard against new threats as they arise. You can also check out these websites for more resources:
- CISA (Cybersecurity & Infrastructure Security Agency) is the government agency in charge of cyber defense. Check out their website at https://www.cisa.gov/ for some great information on cybersecurity.
- https://www.knowbe4.com/ is a great resource for knowledge and training on social engineering scams, especially if you happen to own a small business.
Building a Secure Online Presence
Just like you lock your doors and shred sensitive papers to protect yourself in the physical world, it’s important to protect yourself in the digital realm, too. Understanding the ways scammers use social engineering techniques can help you stay safe and reduce the chances that you’ll fall for a scam.
Stay vigilant, stay informed, and, most of all, stay safe so you can continue to enjoy the benefits of our connected world.