Phishing Scams and Social Engineering


Phishing scams and social engineering attacks are on the rise.  During 2017, the Internet Crime Complaint Center (IC3) received roughly 11,000 complaints related to tech support fraud. These claims resulted in a loss of nearly $15 million.  Educating internet users about these scams and attacks is key to increasing awareness and prevention.

Phishing Scams

A phishing attack generally arrives as an email or malicious website posing as a trustworthy organization. These emails and websites aim to solicit personal information from victims. Posing as a credit card company, tech support agent, or even a charity, phishing criminals will try to make verbal contact with their victim by telephone, search engine advertising, pop-up messages, electronic device screen lock, or a phishing e-mail warning. Once communication has been established, the attackers will try to gain remote access or request bank or credit card information.

Attackers generally suggest there is an issue with the victim’s accounts. Once the victim shares personal information, the attackers will use it to access their accounts, stealing money or racking up fraudulent charges. Attackers will prey on potential victims’ emotions during current events such as natural disasters, health scares, political elections, and economic concerns.

Social Engineering

A social engineering attack typically requires the attacker to use their interpersonal skills to obtain information about an organization or its computer systems. To gain the trust of potential victims, the attacker will seem knowledgeable and respectable, and will sometimes offer credentials to support their identity. Typically, social engineering attacks will involve more than one individual at a company. By questioning multiple individuals, the attacker will be able to piece together private information about an organization or its networks.

Protect Yourself and Company

Anytime an individual possesses knowledge of sensitive information they should be armed and ready for the potential of phishing scams and social engineering attacks. Guard your information with these helpful tips:

  • Use caution and be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employment or other private information.
  • Verify individuals’ identities directly with their company.
  • Never provide personal information or company information unless you can verify the person’s authority to have such information.
  • Never reveal personal or financial information in email.
  • Do not respond to emails or follow links that ask for personal or financial information.
  • Before sending sensitive information over the internet, check the website security information.
  • Pay attention to the URL of a website.
  • Malicious websites can look identical to the original site. However, the URL may use a variation in spelling or a different domain.
  • Verify the legitimacy of email requests by contacting the company directly.
  • Install and maintain anti-virus software, firewalls, and email filters to minimize some of this traffic.
  • Utilize any anti-phishing features your email client or web browser offers.
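
The two URL tips above (pay attention to the URL; watch for a variation in spelling or a different domain) can be checked mechanically before a link is followed. The Python example below is added here and is not part of the original article; the trusted domains, sample links and verdict names are constructed for illustration, and treating the last two labels of a host name as its registrable domain is a simplifying assumption.

```python
from urllib.parse import urlsplit

# Constructed allowlist: domains the user actually does business with.
TRUSTED = {"example-bank.com", "example-pay.org"}

def edit_distance(a, b):
    """Levenshtein distance using two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def classify_url(url, trusted=TRUSTED):
    """Return (verdict, matched_trusted_domain) for a link."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return ("invalid", None)
    # Exact domain or a true subdomain of a trusted domain.
    for dom in trusted:
        if host == dom or host.endswith("." + dom):
            return ("trusted", dom)
    # Naive registrable domain: last two labels (assumption; a real
    # tool would consult the Public Suffix List).
    labels = host.split(".")
    registrable = ".".join(labels[-2:])
    for dom in sorted(trusted):
        name = dom.rsplit(".", 1)[0]
        if registrable.rsplit(".", 1)[0] == name:
            return ("different-domain", dom)           # same name, other TLD
        if edit_distance(registrable, dom) <= 2:
            return ("spelling-variation", dom)         # near-miss spelling
        if (dom + ".") in host or name in labels:
            return ("trusted-name-in-subdomain", dom)  # real name, wrong owner
    return ("unknown", None)

if __name__ == "__main__":
    for link in ("https://www.example-bank.com/login",
                 "https://examp1e-bank.com/login",
                 "https://example-bank.net/",
                 "http://example-bank.com.secure-login.test/verify",
                 "https://weather.test/"):
        print(link, "->", classify_url(link))
```

Any verdict other than "trusted" is a cue to stop and contact the company directly, as the tips above advise.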

Individuals who believe they may have been a victim of an online scam should file a complaint with the IC3.