Beware of Social Engineering Scams
Cybercriminal activity continues to evolve as scammers develop sophisticated tactics to trick victims resulting in identity theft and consumer fraud.
Many of the latest scams involve social engineering — using a false pretense to convince someone to share personal information. The victim may think there is no harm in sharing but it could be deployed later to initiate an attack. It is crucial to stay current about common scams.
Phishing
Phishing starts with an email that often looks like it is from a trusted source. The email will ask you to do something—usually click on a link or download an attachment. The link takes you to a website that seeks to steal your information, or attempts to download malicious software (or “malware”) onto your computer. Opening the attachment may infect your computer with malware.
Once the malware invades your computer a hacker can use it to look at personal documents saved on your computer, such as a tax return. They can also capture the keystrokes on your computer (or take screenshots of sites you visit) to harvest your logins, passwords and other sensitive information. After they steal your information, they will often try to access your bank accounts or sell your data to other cybercriminals.
Security tips: Never click on a link or open an attachment from unsolicited sources, and don’t provide personal information when responding to an email request.
Vishing
With this phone scam, a fraudster calls you and poses as a representative from a reputable organization. Vishing calls usually have a sense of urgency or panic to make you more likely to share the requested data.
Security tips: Only answer phone calls from numbers you recognize. Do not rely on Caller ID. Caller ID can be spoofed by bad actors pretending to be a reputable company, such as your Financial Institution.
Never give out your security information, passwords, usernames, banking information, card or partial card numbers when contacted by anyone unexpectedly, no matter who they say they are.
You can always hang up and call the organization back using a phone number found through a trusted source – such as the company’s official web site or a financial statement.
SMiShing
Short for “SMS phishing” occurs when a cyber thief tries to fool you into providing them with your personal information via a SMS or text message, or attempts to get you to click on a link in the text. The fraudster may also try to download malware onto your mobile device.
Security tips: Just like with phishing emails, never click on unknown links embedded in a text message, especially from a sender you don’t recognize. If you have any doubt about the authenticity of the sender, don’t respond.
Key Takeaways:
- Cybercriminals use sophisticated tactics to impersonate trusted or legitimate sources via email, phone call and text.
- Only answer phone calls from numbers you recognize and never click on links or open attachments in unsolicited emails or text messages.
- Be cautious of requests to make payments or to provide access to your devices.
Other Common Scams
Once cybercriminals have your personal information, they can use it to execute a variety of social engineering schemes. Here are several of the most popular ones:
Tax scams
The Internal Revenue Service (IRS) calls saying you owe back taxes and threatens you with a lawsuit or jail time if you don’t immediately pay the debt with a wire transfer, prepaid card or gift card. If you owe taxes, the IRS won’t call you. The agency will contact you by mail. And the IRS will never ask for money using those payment options, or threaten to arrest or sue you.
Security tips: If you receive a call like this, hang up immediately without providing any personal or financial information. Never buy gift cards to pay anyone contacting you unexpectedly. Reputable companies do not ask you to buy gift cards to pay them
Charity fraud
Using the name of an organization that is similar to a well-known, reputable charity, fraudsters employ high-pressure tacticsnto encourage you to donate on the spot.
Security tips: Ask for detailed information about the organization and take the time to confirm it is a trustworthy charity. Don’t feel the need to give money on the phone. You can always donate later.
Computer tech scheme
With this scam, you receive a call from someone telling you there is a serious problem with your computer. This fraudster is seeking remote access to your device in order to “fix” the issue. Instead, they will infect your computer with malware.
Security tips: Never grant access to your device when you receive this type of call. Don’t provide the caller with any personal, account or computer-related information. Instead, ask the caller for their name, as well as the name of their company. Then hang up, and call back using the official phone number for the company.
Online dating scams
Be leery of people you’ve met online – often through dating or social media sites – who initially seem romantically interested in you. But, as time goes on, they ask for money (usually by wire transfer or gift card) to pay for a medical emergency, the cost of travel to visit you or some other reason.
Security tips: Avoid sending money or gifts to someone you have never met in person. Ask anyone you meet online plenty of questions, and look for discrepancies in their answers. If you feel someone is trying to scam you, stop all contact with the perpetrator immediately.
Lottery schemes
While the details of these schemes vary, they all involve a fraudster asking you to pay a small fee upfront in exchange for a larger return later. The payout you are promised may be connected with a lottery winning or special gift. After paying the fee, you will receive little or nothing of value in return.
Security tips: Don’t conduct business with someone you haven’t researched on your own to confirm their authenticity. You may want to search for information online about the individual, contact the Better Business Bureau, or speak to your financial advisor.
If you believe you have fallen victim to any of the above scams immediately contact your financial institution and the proper authorities.