Social Engineering – How to Not Get Tricked by Scammers

Social engineering means evoking a reaction, oftentimes an emotional one, and using it to trick a victim into taking action or disclosing information. Usually, fraudsters use manipulation and try to evoke curiosity and a sense of urgency in their victims. Their goal is to gain access to personal or bank accounts or to install ransomware on your device to demand payments.

Unfortunately, these types of attacks have many names and faces, so there is no one way to avoid them (except for a heightened sense of caution). These scams can be encountered everywhere: online and offline. You can get instant messages, e-mails, phone calls, pop-ups, or links. Thankfully, there are certain clues that you can look out for. As a general rule, always remember that if it sounds too good to be true, it probably is. Here are some examples of scam tactics and how to deal with them.

“Log into your bank account now!”

If you have an e-mail account, chances are you’ve been a victim of phishing. Preying on fear, scammers will send messages from a seemingly trusted source urging action. The typical example is an e-mail from your bank: If you don’t log into your account now, it will be terminated! You will be fined! You get worried because the e-mail address and the layout make the mail seem legitimate. Even the link looks real. By triggering urgency, fraudsters want you to act before you think and give away your data before you can reflect on the legitimacy of the mail.

“You won!”

You get a message telling you that you won an iPhone, or an e-mail saying that you inherited money from a distant relative you didn’t even know. This method is designed to capture your attention and make you curious. Even if you don’t believe it, maybe you’ll still click on the link just because there’s a glimmer of hope that it’s true.

We’re sorry to inform you that it isn’t real.

“You have a problem with your PC? We will help for free!”

Getting this type of message can be confusing. You didn’t ask for IT support, especially not from this company. But then you think to yourself: I actually do have some problems with my PC. And if I don’t have to pay for it – what could go wrong?

The answer is: a lot. They could ask you to install a program while disabling your antivirus program, and before you know it, you have allowed malware disguised as a software update onto your device.

Sadly, companies don’t actually reach out to potential customers and offer help for free.

“Hello friend. You have to check this out!”

Even when you get an e-mail from a person you trust, you’re not necessarily safe from scammers. E-mail accounts can be hacked and used to spam their contacts. This can include links that you just have to check out. Or, again preying on trust and fear, the scammers can pretend to be a friend who is in danger: Maybe they have been arrested and need bail, maybe they’re at the hospital… Again, the fraudster wants you to act before you think and give away personal data. This could also come in the form of a phone call. We are more likely to click on a link without thinking when it comes from a source we typically trust.

“Get the new movie for free!”

You might have seen a message like this displayed on a website. Maybe there’s even a little animation to capture your attention. If you want free malware, download this file. We’re afraid you won’t get the latest blockbusters, though.

What to do now:

All of these scenarios can be dealt with in the same way: Be careful!

If you’re asked to download or install anything, don’t do it. If you’re asked to log in and fill in your bank account data, don’t do it. Avoid clicking on links and don’t open attachments. When in doubt, simply call the company to ask about the legitimacy of the mail. Nothing is ever so urgent that you can’t make a quick phone call.

Scammers are counting on their victims acting rashly. It is better to question the message one time too many. Check the source, and then check it again. You could also research the wording of the suspicious mail. Usually, you will quickly find fellow victims and their tips on how to react.

Make sure you have the latest version of a reliable antivirus program. Also, e-mail software usually filters out spam mail. In most cases, these filters can be trusted, and you can change the settings to make them stricter. Now, as long as you stay calm and question every suspicious e-mail you get, you and your data should be safe from all the different types of social engineering attacks.