We’ve noticed an uptick in phishing and social engineering scams with our residential customers over the past few weeks. This post is intended as a refresher and reminder to everyone on how to keep your personal information safe and secure.
The term “social engineering” may be unfamiliar to you but the acts involved shouldn’t be.
In the shortest explanation possible, “social engineering is the art of manipulating people so they give up confidential information.”
How? Good question. Social engineers, or scammers, prey on human emotions: they create plausible scenarios in which someone may want to give up information in order to solve an urgent problem or stop a situation that they feel is harmful.
The most recent example we’ve seen looks like this:
“If you are a Sebastian customer read before continuing to. It appears that your Windows 8.1 computer has pop up adds ENABLED. Please call toll free to disable pop-up adds now at 1-877-759-5082. Please follow these instructions. Before you use it is strongly advised that you call to disable pop-up adds.”
If you or someone that you know receives a solicitation like this one, it is always safe to call the main number of your local Sebastian office to validate that the request is indeed real. In this customer’s case, he called and found out that it was not.
Avoid These Scenarios
Phishers and social engineers rely on their victims to act first and think later. Urgent messages that require you to act now or pressure you on the spot are typically spammy in nature and should be reported and ignored. SearchSecurity outlined a few scams you should be constantly looking out for:
- Baiting – An attacker leaves a malware-infected physical device, such as a USB flash drive or CD-ROM, in a place it is sure to be found. The finder then picks up the device and loads it onto his or her computer, unintentionally installing the malware.
- Phishing – A fraudulent email disguised as a legitimate one, often purporting to be from a trusted source, is meant to trick the recipient into installing malware on his or her computer or device, or sharing personal or financial information.
- Pretexting – One party will lie to another to gain access to privileged data. For example, a pretexting scam could involve an attacker who pretends to need personal or financial data in order to confirm the identity of the recipient.
- Quid pro quo – The attacker is likely trying to uncover confidential information specific to the receiving organization in order to obtain financial data or trade secrets. For example, an attacker could request login credentials in exchange for a free gift.
- Spam – Spam is unsolicited junk email.
- Spear phishing – A phishing attack tailored for a specific individual or organization. The attacker is likely trying to uncover confidential information specific to the receiving organization in order to obtain financial data or trade secrets.
According to the U.S. Securities and Exchange Commission, you can better protect yourself by following these simple steps.
- Pick Up the Phone to Verify – Do not respond to any emails that request personal financial information, especially ones that use pressure tactics or prey on fear.
- Do Your Own Typing – Rather than clicking on the link provided in the email, type the URL into your web browser yourself. Even though a URL in an email may look like the real deal, fraudsters can mask the true destination.
- Beef Up Your Security – Personal firewalls and security software packages are a must-have for those who engage in online financial transactions. Make sure your computer has the latest security patches, and make sure that you conduct your financial transactions only on a secure web page using encryption.
- Read Your Statement – Read your monthly statements and look for discrepancies. This is one of the fastest and easiest ways to look for suspicious activity.
What types of phishing attempts have you encountered? Leave your experience in the comments so others can learn from you!
*Image by David Castillo Dominici at FreeDigitalPhotos.net