The more you understand, the better you will be able to protect yourself, your information, and your privacy. Social engineers do their homework by researching and monitoring individuals’ and businesses’ social media and online activity. They’re looking for personal information like your interests, hobbies, memberships, and associations, which can help them make a connection or expose a weakness they can exploit.
Social engineering fraud attacks can take many forms, including phone, email, text, and in-person attacks, but they all have the same goal: to separate you from your money.
Attackers want you to act without thinking about the consequences, so do the opposite. If you suspect an attack, ask yourself these questions:
- Are my emotions running high? When you’re especially curious, afraid, or excited, you’re less inclined to consider the implications of your actions. In fact, you are unlikely to question the legitimacy of the situation presented to you. If your emotions are heightened, consider this a red flag.
- Is this a genuine message? When you get a suspicious communication, double-check email addresses and social media profiles. There may be characters that look similar to others, such as “torn@example.com” instead of “tom@example.com.” Fake social media profiles that use your friend’s photo and other information are also widespread.
- Is this a message from my friend? It’s usually a good idea to ask the sender if they truly sent the message in question. If it was a coworker or another person in your life, ask them in person or over the phone, if feasible. They might have been hacked and be unaware of it, or someone could be impersonating their accounts.
- Is there anything unusual about the webpage I’m on? URL inconsistencies, poor picture quality, outdated or wrong brand logos, and typos on the website can all be warning signs of a bogus website. If you land on a spoofed website, leave immediately.
- Is this deal too good to be true? In giveaways and other targeted tactics, an offer is a strong motivator for driving a social engineering attack forward. Think about why someone is offering you something valuable for little gain on their end. Be cautious at all times, since even basic information such as your email address can be harvested and sold to unscrupulous advertisers.
- Suspicious attachments or links? If a link or file name in a message looks ambiguous or strange, evaluate the validity of the entire communication. Consider whether the communication was sent in an unusual context, at an unusual time, or whether it raises any additional red flags.
- Is this individual able to prove their identity? If you can’t get this individual to verify their identity with the organisation they claim to be a part of, don’t give them the access they’re requesting. This applies both in person and online, because physical breaches depend on you overlooking the attacker’s identity.
- Be sceptical: Never believe and always check. Look for clues that someone doesn’t know you or isn’t who you believe they are. If your supervisor requests that you transfer $50,000 to a random account, phone them to confirm. Verify any connections that don’t seem legitimate, especially if money is involved. Finally, the FBI warns, “Be extra suspicious if the requester is pressuring you to comply immediately.”
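
The address check from the “Is this a genuine message?” question can be automated. The sketch below is an added example, not part of the original article: it flags a sender whose address renders like a known contact’s but is not identical. The look-alike table, the contact list, and the function names are assumptions made for illustration.

```python
from email.utils import parseaddr

# Constructed, non-exhaustive table of sequences that render alike in many fonts.
# Single characters are mapped first so "r" + "n" style pairs are caught afterwards.
CONFUSABLES = [("0", "o"), ("1", "l"), ("rn", "m"), ("vv", "w")]

# Constructed address book of contacts the recipient actually corresponds with.
KNOWN_CONTACTS = ["tom@example.com", "warren@example.com"]


def skeleton(address):
    """Collapse visually confusable sequences so look-alike addresses compare equal."""
    s = address.strip().lower()
    for lookalike, canonical in CONFUSABLES:
        s = s.replace(lookalike, canonical)
    return s


def check_sender(from_header, known=KNOWN_CONTACTS):
    """Classify a From: header as ('known' | 'lookalike' | 'unknown', matched contact)."""
    # parseaddr drops the display name, which the sender fully controls.
    _, address = parseaddr(from_header)
    address = address.strip().lower()
    known_norm = sorted({k.strip().lower() for k in known})
    if address in known_norm:
        return ("known", address)
    sender_skeleton = skeleton(address)
    for contact in known_norm:
        # Same skeleton but a different literal address: likely impersonation.
        if skeleton(contact) == sender_skeleton:
            return ("lookalike", contact)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample headers.
    for header in ["Tom <tom@example.com>", "Tom <torn@example.com>",
                   "Tom <tom@examp1e.com>", "Warren <vvarren@example.com>",
                   "Alice <alice@example.org>"]:
        print(header, "->", check_sender(header))
```

A “lookalike” verdict means the message deserves confirmation with the real contact over a separate channel; an “unknown” verdict says nothing either way.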
If you are hacked and money is stolen, immediately alert your bank and a local FBI field office, and file an electronic report with the Internet Crime Complaint Center. We’ve had a lot of success working with local FBI agents to get money back, but only if we get it done swiftly. Time is running out.