Social engineering is the malicious act of tricking someone into doing something by using their emotions and confusing their decision-making process. The most common scam social engineers use is phishing, although there are many more, and no two scams are the same.
Example: A recent phishing campaign used LinkedIn branding to make people think that well-known companies sent them a message or looked them up using the social network. Once the unsuspecting person clicked on the email links, they were redirected to pages designed to steal their credentials.
- If in doubt, throw it out! If it is real/legitimate, the sender will try again. Phishers usually don’t.
- Do not click on links or open attachments in emails that you were not expecting
- Verify any urgent requests to do something to confirm the action is legitimate
- Check the email address and subject to make sure they make sense coming from someone you may know
- Double check the email address, e.g. SVAemail@example.com
- Look at the name to see if it matches the email address
- Watch out for spelling and punctuation mistakes
- Check for shortened URLs, e.g., http://bit.ly/2lgPesi, or unusual domain names, e.g. www.amazon.net
- Be cautious of vague titles for documents or attachments
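The sender and link checks from the list above can also be automated as a first-pass triage of a reported message. The following is an added example, not part of the original page; the shortener list, the brand-to-domain map, the function names and the sample message are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed lists for illustration; maintain your own in practice.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
KNOWN_BRANDS = {"amazon": "amazon.com", "linkedin": "linkedin.com"}
URL_RE = re.compile(r"(?:https?://|www\.)[^\s<>]+", re.I)

def host_of(url):
    """Return the lowercase hostname of a URL, with or without a scheme."""
    if not re.match(r"https?://", url, re.I):
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()

def is_brand_domain(host, official):
    """True only for the official domain or one of its subdomains."""
    return host == official or host.endswith("." + official)

def check_message(raw):
    """Apply the checklist to a raw single-part email; return findings."""
    msg = message_from_string(raw)
    findings = []
    # Does the display name match the email address?
    name, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2].lower()
    for brand, official in KNOWN_BRANDS.items():
        if brand in name.lower() and not is_brand_domain(sender_host, official):
            findings.append(f"display name mentions {brand} but sender domain is {sender_host}")
    # Shortened URLs and unusual domain names in the body.
    for url in URL_RE.findall(msg.get_payload()):
        host = host_of(url)
        if host in SHORTENERS:
            findings.append(f"shortened URL hides destination: {host}")
        for brand, official in KNOWN_BRANDS.items():
            # Substring match is a heuristic and can flag unrelated names.
            if brand in host and not is_brand_domain(host, official):
                findings.append(f"lookalike domain for {brand}: {host}")
    return findings

# Constructed sample message (not a real email).
SAMPLE = """From: "LinkedIn Notifications" <notice@mail-alerts.example>
Subject: You appeared in 4 searches

See who looked you up: http://bit.ly/2lgPesi
Your order update: www.amazon.net/orders
"""

if __name__ == "__main__":
    for finding in check_message(SAMPLE):
        print("-", finding)
```

A finding is a reason to verify the message through another channel, not proof of phishing; an empty result is not proof the message is safe.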
Venmo/Cash App Scams
Example: Someone says their phone is dead and asks if they can borrow yours.
- Do not hand your phone to anyone!
- Ensure that you have a password on your Venmo or Cash App account.
- Common Venmo Scams – https://help.venmo.com/hc/en-us/articles/360048404533-Common-Scams-on-Venmo
Phone Call Scams
Scammers may pose as your bank representative, law enforcement (international or domestic), the FBI, the Internal Revenue Service, embassies, consulates, mobile phone carriers, and more. Scammers will ask for payment or verification through a variety of methods:
- Gift Cards, Cash, Cash Apps, Money Wiring
- Personal Information or Identity
Example: Someone is posing as a representative from your bank. They will call you on the phone and try to convince you that there is some kind of issue with your account. Usually, they will say that somebody has tried to use your bank details online and that your account is at risk. This triggers your emotions, and you want to do whatever it takes to keep your money safe. They ask you for personal details to confirm your account, which gives them the credentials to take money from your account.
- If possible, do not answer an unknown number unless you are expecting a call.
- Keep in mind that nothing is free, there is no prize, and you never need to make hasty decisions.
- Hang up and call the business from a known number, not the one they gave or called from.