Dressing up for Halloween can be fun. But in social engineering, criminals pretend to be something they’re not to steal your money or information. Learn how to spot the scams so you don’t get tricked.
Phishing uses email or malicious websites to solicit personal information by impersonating someone you trust. A criminal might pose as a well-known brand like Amazon or Netflix, or someone you work with. They often take advantage of current events. Did you get any emails this month about fabulous Halloween deals or hard-to-find costumes? That could be a social engineering scam – watch out!
Vishing is like phishing but uses voice instead of email. For example, you get a frightening phone call from someone claiming you owe back taxes to the IRS. They threaten consequences if you don’t pay right away. Do not fall for it, even if the caller ID is a Washington D.C. number and the person on the phone knows part of your social security number. Caller IDs can be faked, and the real IRS won’t ask for a card payment or wire transfer over the phone.
Smishing is a form of social engineering that exploits SMS, or text messages. They can be effective because a message on your phone seems more personal than email. In one of the latest smishing scams, people get a text message prompting them to update their COVID-19 vaccination status. Clicking on the link sends them to a fake website asking for sensitive information like their social security number and copy of their driver’s license. If you get a text like this, don’t respond!
A bad actor may try to follow you into your office by dressing up as a delivery or repair person, or someone coming in for a meeting. This actually happened in our office not too long ago - we found the individual rifling through a laptop bag in an empty room. Yikes! Keep an eye on anyone coming into the office and don’t hesitate to ask for ID rather than letting a fraudster walk through the door.
5. Quid Pro Quo
The phrase “quid pro quo” in Latin means “something for something.” A quid pro quo social engineering scam offers a benefit in exchange for something. An example is a “You’ve Won” message offering a trip, free movies for a year, or a fabulous cash prize. But when you respond they tell you there’s a fee, taxes, or customs duties to pay before they can send your prize. And then they ask for your credit card number or bank account information. You don’t ever get that big payout. Instead, you get more requests for money, and more promises that you won big. You end up being a big loser instead of a big winner!
Pretexting is another chilling example of social engineering. It’s based on a scripted scenario that’s used to solicit information or money from the targets. Believe it or not, criminals can buy kits with everything they need to set up and run a pretexting scam. Common scripts are the “grandkid” scam or the “online dating” scam – terrifying!
Don’t “Treat” Scammers to Your Information
The best way to protect yourself is to stop and think before responding to any unsolicited messages. Look for indicators like misspellings or poor grammar. When in doubt, contact the organization directly using publicly available information – not through a link or phone number contained in the message. October is Cybersecurity Awareness Month, so have fun, be smart, and stay safe.