Know the Basics about Social Engineering


Ring Ring! 

“Hello, how are you?  I am James and I am calling to tell you about a problem with your computer.  You are not receiving Microsoft updates.”

Or maybe: “Good morning, this is Mr. Doe with your telephone company (or electric, water, or any other service provider).  We’ve noticed a problem with your service and need to ask you a few questions to verify your identity so that we can resolve it.”

Or it’s a call in the middle of the night.  “Have you been calling overseas for the last several hours?”  When you respond with a sleepy, yet startled, “No!” the caller may say, “Well, we have a call that’s occurring right now and it’s being charged to your calling card.  You have already accumulated over $1,000 in charges. If you take care of this now by verifying your calling card number and PIN and make payment with a credit card, I can give you a one-time courtesy credit for half of the charges.”

Stop!!!  It’s easy to just start answering questions or to try to handle a problem, but these calls are almost always social engineering scams.  Social engineering is basically the “art” of getting people to drop their guard and reveal details or access that they’d usually refuse.  An attacker uses human interaction, that is, their social skills, to obtain information.  They may seem unassuming and respectable, but by asking questions, they may be able to gather enough details to steal an identity, access bank accounts, enter your home or workplace, or bring about many other devastating scenarios.

Avoid Becoming a Victim:  Be very leery of unsolicited phone calls, visits, or email messages that request any type of personal or confidential information.  Even if someone seems to know about you, your family or your employer, they could have obtained those details from a social networking site.  For example, did someone post vacation pictures, the results of a ball game, or your spouse’s name?  Criminals can use small details to make you believe they are safe.  NEVER EVER give sensitive information to anyone unless you are sure that they are indeed who they claim to be and that they should have access to the information. NEVER share passwords, Personal Identification Numbers (PINs) or access codes.  If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a website connected to the request; instead, check your previous statements for contact information.

Be Alert! It’s much easier to hang up the phone, even if it feels like you’re being rude, than to deal with the hassle and financial strain that can result from falling for a scam.