Social Engineering

Social Engineering is by far the most common technique used by threat actors to manipulate people into performing actions or divulging information they are after.  

If you have experienced any of these social engineering tactics learn how to report them by visiting our Report Cybercrime page.

Phishing

Is the practice of sending emails purporting to be from reputable companies in order to induce individuals to act, reveal personal information, such as passwords and credit card numbers.

Tell-tale signs of a phishing email

  • An unfamiliar greeting. 
  • Grammar errors and misspelled words. 
  • Email addresses and domain names that don't match. 
  • They mimic a trusted domain (i.e., “rnicrosoft.com” instead of “microsoft.com”). 
  • Unusual content or request – these often involve a transfer of funds or requests for login credentials. 
  • Urgency – ACT NOW, IMMEDIATE ACTION REQUIRED.
Email screenshot circling things to spot in a phishing scam: call to action heading, hovering over links shows destination is actually different than the link text. open_in_full

How to protect yourself from Phishing

  • Be cautious and suspicious of any email that asks you to provide login credentials or financial information.
  • Do not open links or attachments from suspicious emails. It may contain malware or direct you to a fake website that is designed to steal your information.
  • Verify the authenticity of the emails by reaching out to the organization through a verified phone, email, or website.
  • Disregard and report/block the suspicious email.
  • Keep your software up-to-date. Software updates contain security patches that can help protect against the latest threat.

How to recognize phishing and scams

Smishing

Is a type of practice that involves sending text messages (SMS) or other forms of text-based communication, such as WhatsApp messages or any social media messages, to trick victims into revealing personal or sensitive information, downloading malicious software or visiting fraudulent websites.

Tell-tale signs of a smishing text message

  • Unfamiliar sender or phone number. May appear as a well-known company or organization but the sender’s information may be spoofed. 
  • Urgency or a sense of pressure (i.e., “Act now, Account needs immediate attention!”, “limited time offer!”). 
  • Suspicious links or attachments. Contain links to malicious websites or attachments when clicked and download malware on the device. 
  • Request for personal information and asks for sensitive personal or financial information. Legitimate organizations will not typically request this information. 
  • Contains poor grammar and spelling errors.
SMS screenshot showing things to notice in smishing scam: unknown number, call to action link, link takes you to different website than the one listed/intended. open_in_full

How to protect yourself from Smishing

  • Be cautious and avoid clicking on links or downloading attachments.
  • Verify the authenticity of the message.
  • Do not provide any personal or financial information.
  • Disregard and block the number.
  • In an event you provided your financial information to a scammer, contact your financial institution and cancel fraudulent transactions and block future charges.

Vishing

Is a type of practice that involves a scammer using voice communication, typically over the phone, to trick someone into revealing sensitive information, such as bank account numbers, social security numbers or credit card numbers. Vishing attacks involve an automated phone call or live caller pretending to be from a legitimate organization or someone you know. Attackers will use various techniques to gain the victims trust and convince them to divulge sensitive information or to send them money.

Tell-tale signs of a vishing call

  • Unusual offer or requests that seem too good to be true, such as large sums of money or prize in exchange of providing personal information or performing certain actions. Legitimate organizations will not typically request this information. 
  • Urgency or a sense of pressure. Often include urgent language to make recipient feel like they need to act quickly. 
  • Attackers may threat or intimidate to scare victims providing information or action. 
  • Caller ID Spoofing. The caller ID may be spoofed, making it look like the call is coming from a legitimate organization. 
  • Poor call quality or technical issues. Attackers may use technology that distorts their voice or causes the call quality to be poor.
Voicemail screenshot showing things to notice in vishing scam: unknown number, call to action, urgency and pressure. open_in_full

How to protect yourself from Vishing

  • Be wary of unsolicited calls. If you receive a call from unknown number, be cautious and do not provide any personal information. Do not trust caller ID.
  • Verify authenticity of the call. If the caller claimed to be from a legitimate organization, contact the organization directly through a verified phone number or website to confirm legitimacy of the call.
  • End the call if the caller is suspicious, do not engage in conversation. Use call-blocking and filtering tools to prevent unwanted or suspicious calls from reaching you.
  • In an event you provided your financial information to a scammer, contact your financial institution and cancel fraudulent transactions and block future charges.

ON THIS PAGE