Social Engineering & PHISHING
Social Engineering
Have you ever gotten an email from someone claiming to be your classmate, bank, phone provider, or another institution you trust, asking for personal information? Cybercriminals use social engineering to manipulate users such as yourself into handing over valuable information. By posing as trusted individuals, they use that trust to convince you to send them sensitive information, such as credit card details, a social security number, address, bank account information, passwords, etc. The hackers then use this information to their advantage, and can steal your money, your information, or even your identity! That's why it is extremely important to identify and prevent such attacks.
PHISHING: MOST COMMON FORM OF SOCIAL ENGINEERING
Phishing schemes are attempts to steal valuable, personal information through deceitful email that looks legitimate. Hackers are more likely to use phishing than other methods of social engineering, because most of the time, the victim does not suspect anything. Phishing attacks through email messages often provide links to websites that seem legitimate, but are in fact fraudulent, where you are asked to disclose personal information, such as your credit card numbers, bank information, or social security number. Scammers may also embed the emails with a virus set to install ransomware that has the ability to lock you out of important files on your computer that can only be retrieved after paying the ransom. Therefore, it is extremely important to take preventative measures to ensure that you are not a victim of a phishing attack.
Identifying Phishing Attacks
There are a number of key ways to identify phishing attacks:
• Phishing emails may contain odd wordings or misspellings. A legitimate established organization is not likely to have poor grammar.
• Watch out for the email ID or address. Hackers will send emails from email addresses that look similar to those of an established company. However, the hacker's email address may have a slight misspelling, only looking correct at first glance. Look out for any key changes, such as having a .com instead of a .org or vice versa. For example, perhaps you get an email from john.doe@bankingcomany.net. If the real address should read john.doe@bankingcomany.org, then you should be able to recognize that the email is not legitimate.
• Watch out for unexpected emails. Many phishing emails will claim to be responding to a request made by you. If you have not made a request for a certain service they are offering, beware that the email may be a scam.
• Fishy URLs are also a notable sign of phishing attempts. Phishing emails will often contain a URL for you to enter information into. Beware that this may be a phony website. For example, hackers claiming to be from your bank may send you a seemingly legitimate link that says it will allow you to change your username and password for your banking account. However, if you hover over this link with your mouse, you may see that the link will actually take you to a different site entirely.
• If you know the signs, phishing can often be easily recognizable; however, phishing attempts are becoming more and more sophisticated and less and less recognizable. So, it is important to always use caution in replying to unsolicited emails or clicking on the links in suspicious emails, although ideally, it is best to not reply to such emails.
Guidelines to Consider
Follow the guidelines below to protect your sensitive information such as personal financial information or other personally identifiable information:
• If you happen to receive an email which contains an urgent request for personal or financial information, use caution, even if the email appears to be from a trusted source (your school, your bank, your work, etc.).
• Never click on links sent to you in emails if you are not sure whether the email is legitimate or not. To verify if a link is legitimate, you should hover over the hyperlink in the email with your mouse, which should show you the URL of the website you will be taken to. If this website is not the link that appears in the email, do not open the email. Also, to check if an email is legitimate, you can type in the URL directly rather than clicking on the link.
• Do not disclose personal or financial data through email.
• Verify the security of the websites you visit by making sure that the web address begins with https: rather than http: before submitting credit card or other sensitive information online.
• Make sure to regularly review your bank, credit, and debit card statements to ensure that all transactions are yours and legitimate.
• Turn on two-factor authentication to ensure that the only person logging in to your account is you.
• To protect your computer from viruses, be sure to keep your browser up to date and ensure that all released security patches are effective.
• Install antivirus software to block any viruses that may accompany phishing attacks.