How to Avoid Social Engineering

Social engineering attacks are a type of security threat which prey upon people's insecurities and take advantage of our trusting nature to gain unauthorized access to systems or to obtain financial benefits. These attacks are difficult for IT to prevent because they often begin outside our email and computer systems and make direct contact with end-users. Awareness and training are the best ways to avoid social engineering attacks.

A typical social engineering attack will begin with a phone call or text message from someone who offers to help you with a problem you didn't know you had. They may speak professionally as they explain that your online account was compromised, or your bank account had suspicious transactions and they want to help you resolve it quickly. A popular social engineering scam is to call pretending to be the police and claim that a relative is in jail and needs a few hundred dollars to be released. They will then explain how you can obtain a prepaid or gift card which will make it all go away.

The attacker will play on your emotions; everything from fear to greed. They may call early in the morning before you've had your first cup of coffee when you may not be thinking clearly. They use professional training in communication to create a sense of urgency. They will try to scare you or present the situation in a way that makes this urgent dilemma something that will be terrible unless you act immediately. They do this because they know if you take 10 minutes to think about it, you are likely to figure out their ruse. This is why they try to keep you on the phone until they have achieved their objective.

Here are some tips on how to not fall victim to social engineering attacks:

1. Do not accept help from strangers for problems you didn’t know you have without verifying that it is really a problem.
2. Get a phone number from the caller and call them back. Caller ID is incredibly easy to fake. Asking for a callback number is a quick way to help verify the caller is who they say they are.
3. Ask someone you trust for their opinion. Criminals will never want you to talk to anyone else until they get what they want.
4. Don’t click on links or give a stranger remote access to your phone or computer unless there is a clear reason to do so. Amazon customer service will never ask to remotely control your phone.
5. Keep the call short. Criminals who are good communicators know their chances of success increase the longer they keep you on the line. As the urgency increases, ask yourself whose best interests this stranger really has in mind.
6. Trust, but verify. It’s important not to go through life thinking everyone is out to get you, but the reality is that some people are. Don’t let your trusting nature make yourself a victim.

Hopefully these tips will help you stay safe and avoid common social engineering attacks. Take care.