Social engineering attacks are a type of security threat which prey upon people's insecurities and take advantage of our trusting nature to gain unauthorized access to systems or to obtain financial benefits. These attacks are difficult for IT to prevent because they often begin outside our email and computer systems and make direct contact with end-users. Awareness and training are the best ways to avoid social engineering attacks.
A typical social engineering attack will begin with a phone call or text message from someone who offers to help you with a problem you didn't know you had. They may speak professionally as they explain that your online account was compromised, or your bank account had suspicious transactions and they want to help you resolve it quickly. A popular social engineering scam is to call pretending to be the police and claim that a relative is in jail and needs a few hundred dollars to be released. They will then explain how you can obtain a prepaid or gift card which will make it all go away.
The attacker will play on your emotions; everything from fear to greed. They may call early in the morning before you've had your first cup of coffee when you may not be thinking clearly. They use professional training in communication to create a sense of urgency. They will try to scare you or present the situation in a way that makes this urgent dilemma something that will be terrible unless you act immediately. They do this because they know if you take 10 minutes to think about it, you are likely to figure out their ruse. This is why they try to keep you on the phone until they have achieved their objective.
Hopefully these tips will help you stay safe and avoid common social engineering attacks. Take care.