Have you ever heard of a Nigerian bank account scam? You know, the one about a Nigerian prince who has just been deposed and now needs your help accessing his inheritance. You’ll get rewarded for your assistance, of course! You hand over your bank account details in good faith and *poof* your money disappears and you see no reward.
These types of scams have been going on since the mid-1990s and are a common pop culture reference. However, as they became better known, people became less susceptible to them…so hackers got more inventive. Every day, hackers and scam artists around the world are coming up with new ways to trick you and stay ahead of the curve. Hackers are experts at what is called social engineering, which is the act of manipulating people into performing actions or divulging confidential information.
Social engineering doesn’t always mean using a person’s desire for money (quickly…and with little effort…). Phishing scams often use a person’s kindness or generosity against them, whether it’s a phony email from a relative in trouble or a made-up story of a dire plight and a stranger in need. Or, phishing scams can be constructed under the guise of some authority, like a federal agent seeking help to catch a criminal or the “IRS” declaring you were short on your refund.
One of the best ways to stay safe online is staying aware of common types of social engineering. Below we’ve outlined some of the most common examples of social engineering for you to keep on your radar.
Impersonation: A person trying to steal information may employ impersonation techniques, including:
- Posing as a system admin or tech support team member who needs your credentials in order to fix a problem on the network
- Flipping the script from above and pretending to be you when communicating with a system admin. In this scheme, “you” are requesting new credentials for the system.
- Claiming to be an authority figure (like a manager or head of HR) to gain sensitive information, such as login and password data
Phishing: The act of impersonating trusted resources to trick you into divulging personal information
- Fraudulent alert messages that appear to come from a reputable source. These alerts will claim that you must take some action. Usually something enticing is on the other end of that action (such as a job offer or business lead), and the message will request that you share a password or other form of personal information.
- Bank Account Scams. You’ll receive an email from what appears to be your bank stating that there is an issue with your account, which can be fixed by “clicking here” and resetting your password.
- Phony FBI Warning Scams. These can be some of the most elaborate and play off of people’s fears. You’ll receive an email from what appears to be the FBI stating that they’ve been monitoring your online activity, have found that you violated some law, and are demanding a fine.
- Fake IRS Scams. These crop up frequently post-Tax Day and can look very real. You’ll receive an email from what appears to be the IRS claiming you have underpaid on your taxes or have violated some law and are being charged a fine.
- Fake Antivirus or Security Software Scams. These are very tricky, especially for people who want to stay secure but might not be sure how! Oftentimes, these scams appear as some kind of pop-up on a website and attempt to scare you into thinking you have a virus on your computer (these pop-ups are often called “scareware”). However, if you click on the link to “fix” the virus, you are actually installing one.
- Typosquatting. Funny term, but serious business. Typosquatting is the act of intentionally making a website look exactly like the official website that it is mimicking. Hackers will purchase domain names that are made up of common typos of real websites. They will then include links that will download malware onto a user’s computer or misdirect a user to send personal information or funds to the wrong place.
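
One way to check a link for the typo domains described above, as an added example that is not part of the original article: it compares the link's hostname against a short list of sites you actually use and flags near-misses. The domain list and sample URLs are constructed, and treating the last two labels of a hostname as the registered domain is a simplifying assumption.

```python
from urllib.parse import urlsplit

# Constructed allowlist: sites this user really deals with (assumption).
TRUSTED = ("examplebank.com", "irs.gov", "fbi.gov")

def edit_distance(a, b):
    """Count the typos (insert, delete, replace, adjacent swap) separating a from b."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Two neighbouring letters swapped ("exmaple" for "example") is one typo.
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def check_link(url, max_typos=2):
    """Return (verdict, trusted domain it matches or imitates, or None)."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    for good in TRUSTED:
        if host == good or host.endswith("." + good):
            return ("trusted", good)
    # Simplification: the last two labels stand in for the registered domain.
    registered = ".".join(host.split(".")[-2:])
    for good in TRUSTED:
        if edit_distance(registered, good) <= max_typos:
            return ("lookalike", good)
        # Trusted name placed in front of someone else's domain.
        if ("." + good + ".") in ("." + host):
            return ("lookalike", good)
    return ("unknown", None)

if __name__ == "__main__":
    samples = [  # constructed sample links
        "https://secure.examplebank.com/login",
        "http://exmaplebank.com/reset-password",
        "https://irs.gov.refund-claim.example/pay",
        "https://example.org/",
    ]
    for link in samples:
        print(link, "->", check_link(link))
```

A "lookalike" verdict means the link deserves a second look before you click; very short domain names can sit within a typo or two of each other by coincidence.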
Don’t forget that using safe browsing practices and maintaining good email/password health is a great way to cut these social engineering scams off right away.