Social Engineering: How to Spot a Scammer to Avoid Being Tricked

posted on Wednesday, February 15, 2023 in SHAZAM Blog

Social engineering is the act of tricking people to obtain their personal or confidential information.

The types of personally identifiable information (PII) criminals want vary. Typically, these bad actors try to trick you and your accountholders into giving them your passwords or financial information. They also want you to unknowingly install malicious software, known as malware, to gain control over your computer.

Anyone can fall into the trap of cleverly designed social engineering tricks. Learning how to spot all types of social engineering attacks is the first step to avoid being tricked.

Types of Social Engineering Attacks

Phishing: Phishing attacks occur when scammers send emails to “fish” for information. These messages are intended to look identical to ones from trusted sources like organizations and people you know.

The message attempts to use your emotions against you, instilling fear, excitement or urgency so that you reveal sensitive information by clicking on links to malicious websites or opening attachments that contain malware.

Once the malware is installed, criminals can redirect you to their controlled site to trick you into giving up your information. This is also known as “pharming”.

Vishing: This is when a scammer calls using a spoofed legitimate phone number. This trick is commonly used on businesses. Scammers will contact a company’s front desk, customer service, HR or IT and claim to need personal information about an employee.

Smishing: Smishing is like vishing, but the scammer sends text messages instead of calling. Scammers purchase spoofed phone numbers to blast out messages containing malicious links.

In-Person: This occurs when a scammer tricks an employee into letting them into an area they don’t have access to.

This is also known as "piggybacking". Scammers may be dressed as delivery drivers, say they forgot their ID or pretend that they’re “new” to enter a restricted area. Once inside, they can spy on people, access workstations and more.

Tips to Protect Yourself

Carefully check emails for errors

If you receive a suspicious email, check for spelling and grammar mistakes. Also, make sure any hyperlinks and the sender’s email address match the spelling of the company they claim to represent.

Be suspicious of any messages you’re not sure of. If the email looks like it is from a trusted source, do your own research. For example, use a search engine to go to the real company’s site or a phone directory to find their phone number.
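For teams that review reported emails, the spelling check above can be automated. The following is an added example, not part of the original post: it flags a sender domain that nearly spells a trusted one and a link whose visible text differs from where it opens. The trusted domain, function names and sample message are assumptions made up for illustration.

```python
import difflib
import email.utils
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = ["mybank.example"]  # assumption: domains the real company uses

class LinkCollector(HTMLParser):
    """Collect [href, visible text] pairs from an HTML message body."""
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"

def lookalike(domain):
    """Return the trusted domain that `domain` nearly spells, else None."""
    domain = (domain or "").lower().rstrip(".")
    real = any(domain == t or domain.endswith("." + t) for t in TRUSTED)
    close = difflib.get_close_matches(domain, TRUSTED, n=1, cutoff=0.8)
    return close[0] if close and not real else None

def review(raw_email):
    """List spelling problems in the sender address and in each hyperlink."""
    msg, findings = email.message_from_string(raw_email), []
    sender = email.utils.parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if lookalike(sender):
        findings.append(f"sender {sender} resembles {lookalike(sender)}")
    collector = LinkCollector()
    collector.feed(msg.get_payload())  # assumes a single-part HTML body
    for href, text in collector.links:
        host = urlparse(href).hostname or ""
        shown = urlparse(text if "://" in text else "//" + text).hostname
        if lookalike(host):
            findings.append(f"link {host} resembles {lookalike(host)}")
        elif "." in text and " " not in text and shown != host:
            findings.append(f"link shows {shown} but opens {host}")
    return findings

# Constructed sample message, not a real phishing email.
SAMPLE = ('From: "Example Bank" <alerts@mybamk.example>\n'
          "Subject: Urgent: verify your account\nContent-Type: text/html\n\n"
          '<a href="http://mybank.example.login-check.test/verify">www.mybank.example</a>')
```

Calling review(SAMPLE) reports both the misspelled sender domain and the link that displays one address but opens another. An empty list means only that these two checks found nothing, not that the message is safe.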

Think before you click

Phishing emails use an enticing and emotionally charged subject line to trick you into giving scammers what they want. If you have a strong reaction to an email or online offer, take a minute to check in with your better judgment before proceeding.

Credible representatives will never make you feel threatened or demeaned, nor will they pressure you to act quickly. If an offer is too good to be true, look for the catch.

Don't open email attachments from questionable sources. Even if you do know the sender, if the message seems suspicious, it's best to contact that person directly to confirm the authenticity of the message.

Verify the identity of anyone who you don’t know personally

If you’re unsure of a person’s true intentions, it’s best to act upon your suspicions. Even when the sender appears to be someone you know, check with your friend or coworker before opening links or downloading attachments.

Also, be suspicious of any unwanted requests for your personal information. You can directly contact the bank or credit union they are impersonating to confirm whether the contact was legitimate.

It only takes one human error to become a victim of a socially engineered attack. And this vulnerability is the reason criminals are using social engineering techniques more often.

Please share the information in this blog with family members, employees and accountholders. We can all do our part to keep scammers from tricking us by staying vigilant.

SHAZAM, Inc. and ITS, Inc. provide this blog for general informational purposes only. Our blog may be shared by a direct link wherein the content remains as originally presented and has not been altered. SHAZAM, Inc. and ITS, Inc. assume no responsibility for errors or omissions in the contents on the blog. By using this blog, reader agrees that the information published does not constitute nor is a substitute for legal advice which should only be sought from a qualified, licensed attorney. 

