The principle behind social engineering is frustratingly simple: It can be easier to trick people into giving up personal information than to spend time hacking into a computing system by force. These scammers are often referred to as “human hackers.”
In the past, scams from social engineers were fairly easy to spot. They often used poor grammar in emails, or were vague enough over the phone or in person to make their victims suspicious. But lately, these criminals are using tricks to make themselves seem a lot more legit and lure victims into a false sense of security.
That’s why it’s always important to be careful when sharing information with anyone, whether it’s in person, over the phone, via email or text.
Meet three examples of personable (but dangerous) social engineers you could run into at work or home, learn what they’re really after and know how to report them as soon as possible.
1. The Phone Call Faker
They want: To convince you to divulge personal details or hack into your system using small pieces of information gathered from around the internet, like social networking sites.
Their plan: Call you and impersonate someone from a familiar business, giving you a false sense of security and asking for personal information. At the office, they might call at your desk pretending to be an IT or HR member and ask for information about your work, job or team. They might even know how to call into the switchboard and ask to be transferred to you, so the call appears to be coming from an internal number.
Stop them by: Asking for their callback information. The Phone Call Faker will probably refuse to give it, which is a dead giveaway that they’re a fake. If they do give it to you from a place of business, pass the information to your manager and report the incident with the callback information. To report phone fraud at home, visit FTC.gov or call 1-877-FTC-HELP. Never share any personal or business information with a caller until you confirm their identity.
2. The Too-Good-to-be-True Texter
They want: To lure you to enter personal information, user IDs and passwords. They hope to use these to steal your identity.
Their plan: Send a text message to your smartphone claiming you’ve won a prize. In order to claim it, they’ll include a link that takes you to a website that looks legit but is ultimately malicious and intended for capturing your information.
Stop them by: Deleting the text message right away. Never respond to a text coming from a number you don’t recognize; doing so can alert spammers that your phone is “alive,” resulting in even more spam and can also inadvertently give access to the information on your phone. Forward a copy of the message to 7726 (SPAM) to report the spam to your mobile phone carrier.
3. The Email Phisherman
They want: To hack into your computer to steal information, including credit card and social security numbers, which they will then sell to other criminals.
Their plan: Phish you by sending an email that appears to come from a trusted source, such as an e-commerce site or bank, but contains a malicious link or attachment. If clicked on or opened, the link or attachment releases malware that can damage your system and allow access through your firewalls.
Stop them by: Hovering your mouse over the link in the email to see where it’s really leading you. If the website address looks suspect, avoid clicking any links within the email, opening attachments or entering your company login credentials, and don’t send a response. Instead, forward the email to report the incident and delete the email.
Also, be wary of mass emails containing false alarms, misleading requests for donations or fictitious offers of money or free goods. You can check the validity of almost any mass email at the Snopes website. To report potential email scams or deceptive messages, contact the Federal Trade Commission at firstname.lastname@example.org. Be sure to include the complete spam email.
In any suspicious situation, it’s always smart to err on the side of caution. Even if the person you’re communicating with is who they claim to be, they’ll understand your desire to keep personal or professional information safe.
Don’t miss out on the latest Target news and behind-the-scenes happenings! Subscribe to our bi weekly newsletter and get the top stories from A Bullseye View delivered straight to your inbox.