Welcome to the Oregon FBI’s Tech Tuesday segment. This week, building a digital defense against social engineering.
So what is social engineering? Basically, it is when a scammer manipulates you into doing something you wouldn’t ordinarily do. There is often a sense of urgency combined with fear.
Take this example: a scammer calls, texts, or e-mails you pretending to be your bank. He tells you that your credit card is being used to purchase items overseas. If you can confirm your account number and password right away, he can get the card shut down, and you won’t be liable for the losses. If you wait—well, you will be on the hook for fraud.
Or—on a happier note—you receive a message that you have won a great prize. Maybe it is a car or a vacation. If you respond in the next 5 minutes, it is all yours as soon as you pay a small fee for taxes. If you don’t respond right away, the scammer says, you will lose out.
Beyond fear, social engineering masters have other tricks up their cyber sleeves, too. One such trick: cashing in on the trust you share with others. In some cases, they have gained access to a friend’s or relative’s e-mail or social media accounts. The scammer, pretending to be Grandma, just sent you a link to a funny video, and she wants you to look at it right away! Click on it, though, and you have just downloaded malware onto your computer.
Fraudsters can also use your innate goodness against you. They take the disaster or tragedy of the day and guilt you into giving money to what you think is a legitimate charity. Because they spoof the look of a real non-profit with a bogus link, your money never makes it to the true victims.
So, how do you build that digital defense against social engineering?
- The number one thing you can do is to “think before you click.” Don’t let the fear get in the way of you making a rational decision.
- Know that no bank, business, or law enforcement agency is ever going to ask you for your account numbers, passwords or payments over the phone. If you get a message asking you for that information, end the conversation.
- Use a publicly available resource to look up a legitimate phone number or e-mail address for the business or agency that purportedly contacted you. You should call them to confirm what is or isn’t going on.
- Report your suspicious contacts to the FBI. You can file an online report at the FBI’s Internet Crime Complaint Center at www.ic3.gov or call your local FBI office.