We encounter social engineering every day, but not many people know it by that name. Social engineering refers to the deceptive tactics used by online criminals to get us to reveal private information. It could come in the form of a phishing email or a phony tech support call. But social engineering is less about the technology and more about the human factor.
Although social engineering comes in many shapes and sizes, the intention is always the same. If a hacker can convince you, the person behind the keyboard, to click a link or download a file, they can bypass any security precautions. Here’s how you can recognize and avoid common social engineering tactics.
I mentioned phishing emails and fake tech support calls as two examples of social engineering. You’ve probably also seen posts like the “What’s your pirate name?” game. These so-called “games” ask you to choose based on first initial of your last name, birth month, and so forth. The problem is, these posts aren’t just fun diversions. They’re gleaning your personal information, which can be used by criminals to break into your accounts.
Think about the security questions used to protect your login. Those same questions are the ones you’ll see in these social media posts. Combined with passwords taken in corporate data breaches, criminals can easily break into your accounts. Not only can they gain access to your email and social media, but your bank accounts, too.
Social engineering scams can be so tricky, even experts fall for them. If you received a link from a stranger that said, “Is it you in this video?” – would you click? Probably not. But if it came from a friend, you’re much more likely to do so. That’s why criminals hijack email and social media accounts. Be cautious, even if the information came from what looks like a trusted source. And remember that they’ll try to impose a sense of urgency (like the “I’m stuck in a foreign country and need you to wire me money” scam). Don’t let their tactics throw you off.
How can you protect yourself? Awareness is key. Now that you know what social engineering is, you’ll know to look for it. Whenever you’re asked to give out personal information, whether it’s your initials or the last digits of your phone number or even the name of your dog, think twice before revealing it. Encourage your friends and family to do the same.
You can increase the protections on your online accounts by using two-factor authentication, which sends a code to an authenticator app or your phone. This works in tandem with your password. Of course, the criminals have gotten wise to this precaution, so now they’re trying to trick folks into revealing their two-factor codes. Never give out your code to anyone.
Remember that social engineering comes in endless forms. It could be through email, an unexpected phone call, an online post, a pop-up window, or a fake ad. When in doubt, don’t click and don’t provide information.
• Triona Guidry is a computer specialist and freelance writer offering tech support, web design and business writing services. Visit her Simple Tech Tips for Home Computer Users blog at www.lightningtechsupport.com to receive weekly computer help by email.