What is Social Engineering
Social engineering refers to manipulating or tricking someone into sharing information. It's very popular because it's usually much easier to fool someone into handing over their password than it is to hack that password (unless the password is really weak). Social engineering is generally highly convincing, sometimes made more believable by snippets of information that the fraudsters already have about you.
Once a hacker gains access to your accounts (especially if they all use similar passwords), they can impersonate you, sending emails, posting on social media, and exposing you and your contacts to fraud and malware.

Even cautious individuals can fall victim to social engineering if attackers already possess enough background information. Awareness and quick response are key.
Attackers may gather your data by hacking your friends or services you use, setting up fake websites, purchasing email lists, or even harvesting exposed addresses in forwarded messages.
They may gather your details by:
- Hacking into accounts or websites that store your info
- Tricking you into entering details on fake websites
- Buying your data from spammers
- Masquerading as services that cancel spam subscriptions
- Reading the CC field of group emails or forwarded messages

Tips to Avoid Social Engineering Attacks
- Never share passwords, PINs, or ID numbers
- Pause before clicking links—verify messages independently
- Go to websites directly—don’t trust links in messages
- Delete suspicious requests for information
- Don’t open attachments or click links from unknown senders
- Ignore offers that seem too good to be true
- Watch for fake seller ratings and deals on classified sites
- Avoid plugging in unknown USB devices
- Use BCC when emailing many people to protect addresses
- Double-check with friends if a message seems odd—even from trusted accounts