When you’re online, the world is at your fingertips. You can do amazing things like stream the latest movies while they’re still in theaters! Or you can enjoy the convenience of online shopping and avoiding the DMV by renewing your driver’s license remotely. This is possible because we’re able to communicate with these organizations through many different channels and we trust them. Unfortunately, many bad actors have taken advantage of this trust and the ease of communication to up their game when it comes to social engineering.
What is social engineering? One of the more famous examples of social engineering was the Nigerian Prince email scam. In this example, hackers relied on a novel, too-good-to-be-true story of a prince looking to transfer some of his fortune if only he could use your bank account number. The Nigerian Prince is a running joke these days, the internet version of “if you believe that, then I have a bridge to sell you,” but its original success made scammers realize they were onto something big.
Modern social engineering campaigns closely resemble communications from legitimate organizations. They’re carefully designed, may be grammatically correct, and appear in completely plausible scenarios. However, they’re all after the same thing – information to gain access to an organization or individual’s accounts.
Phishing is common form of social engineering
Phishing is a type of social engineering that uses email or websites to convince people to give up their personal information, under the guise of a plausible reason. Instead of a Nigerian prince asking for a bank account number, an email posing as your bank may ask for you to confirm your account information. Often these emails are tied to circumstances that demand your attention and reflect a sense of urgency. Needless to say, many recent phishing scams have played into COVID-19 pandemic fears and economic concerns. Here are a few other scams related to phishing to watch out for:
- Vishing refers to phone calls trying to get information from people. Think cruise ship vacations and car warranties and you’re on the right track. Chances are you’ve gotten a robocall that qualifies as vishing
- Smshing is the text version of a phishing campaign. These messages are especially malicious as they may have links that take you to fake web pages or dial a phone number.
Here’s how to identify a phishing campaign in a few easy steps
First, does the message you’ve received contain any of the following:
- Notification of suspicious activity or log-in attempts
- A claim that’s there’s a problem with your account or your payment information
- Request to confirm personal information
- A fake invoice
- A link to make a payment
- Says you’re eligible to register for a government refund
- A coupon for free stuff
If so, check for these tell-tale signs used by phishing scams
- A sender address that’s just slightly off – Cybercriminals addresses that closely resemble ones from a reputable company with just a few alterations of letters or other characters.
- Lack of personalization – Generic greetings that don’t reference your name or email address may be an indicator of a phishing email.
- Hyperlinks and site addresses that don’t match the sender – Hover your mouse over the hyperlink or call-to-action button in the email. Is the address shortened or is it different from what you’d expect from the sender? It may be a spoofed address from the
- Spelling and layout – Strange grammar and less-than-polished email layouts can be obvious signs that this is a scam email impersonating a large company.
- Attachments – Be wary of any attachment in an email. Attachments are great way to deliver viruses and malware to your device.
If the email you’re suspicious of has several of the above warning signs, chances are you’ve spotted a phishing email. Still not sure what we’re talking about? Check in your email’s spam and you’ll probably see some obvious examples of phishing right away. Spam doesn’t catch everything though, and the best phishing scams can be very difficult to separate from the legitimate emails. With that in mind, we’ve pulled together some safety precautions that will help keep you safer, from phishing emails.
Preventing and avoiding phishing scams
- Confirm the source. Unsolicited phone calls, visits, or emails are best avoided altogether or confirmed with a second source. Verify the sender or caller’s identity with the organization they claim to represent. Use contact information from a previous communication you know to be legitimate.
- Keep personal information private over email. Don’t reveal personal or financial info over an email or do so by following links provided in an email.
- Install and maintain online protection, like McAfee’s Total Protection. This kind of protection includes firewalls and even web browsing advisors to help you reduce spam and verify sites.
- Take advantage of email client and web browser antispam and link verification features.
- Use multi-factor authentication and a password manager to ensure even if your login information is stolen, scammers can’t access your accounts.