The purpose of this paper is to look at three different kinds of social engineering schemes, the prevalence of these schemes, and whether the rates of such attacks are growing or diminishing; the necessary steps I need to take to ensure I do not become a victim, and key organizations that can help me if I am ever a victim of this type of fraud.
Three Different Kinds of Social Engineering Schemes
“Social engineering attacks continue to grow in sophistication and frequency” (Lord, 2017). There are various forms. Baiting refers to fraudsters trapping victims by promising them a free product, such as free film or music downloads, after those who are targeted give out their login credentials. This form of social engineering also has a number of similarities to phishing scams. This method continues to be promoted by fraudsters (Bisson, 2015).
Phishing scams are extremely prevalent. They are designed to extract personal data such as social security numbers, and credit card and bank account details. These fraudsters do this by using embedded links or link shorteners which redirect users to false websites via URLs which seem legitimate. Another tactic that the fraudsters use is sending out emails which instill a feeling of urgency, fear or threat. This can make the user take action immediately without thinking it could be a scam. Fairly recently, phishing emails were received by Google Play Books users as the fraudsters had preloaded malware in cracked APK files. This highlights the way in which these con people often pair up phishing attacks and malware (Bisson, 2015).
Spear phishing refers to a specific form of attack which goes after certain organizations or individuals. The fraudsters’ aim is to get hold of and utilize personal data which is unique to the receiver so that the fraudsters seem authentic and can gain trust. In many cases the data is taken from different types of online activity or social media. Once this information is obtained, the con people have success at conning victims into giving out sensitive data, or granting access to classified information (Lord, 2017).
Steps I Can Take to Prevent Social Engineering
Firstly, I will be very cautious if I receive an email asking me for personal information such as my social security number, password, bank account details or credit card numbers, even when the email appears to come from a known organization, such as my bank. I will not click on any enclosed link or reply to the email either. Instead, I will go to the bank’s or other organization’s website, or phone them using a telephone number I already have. If I go to a website which I feel is suspicious, then I will leave it right away, and if necessary, try to find another way to contact the company. Furthermore, I will ensure that I keep my financial and personal data secure online by using firewall software, regularly updating spyware and anti-virus detection software, by using up-to-date computer security patches, and the Maxthon tool bar, which can inform me about known phishing websites. I will also regularly create new passwords, I will not download files or software unless I am familiar with the sources, and I will refrain from sending emails containing any of my financial or personal data. Moreover, I will look on the status bar of my browser to ensure there is a locked padlock image, or that there is an https:// at the start of an internet address, because if these are not there, then the site is definitely not secure (Finra, 2012).
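The link checks described in the phishing paragraph and in the steps above (embedded links whose visible text differs from their real destination, link shorteners, and a missing https://) can be applied to an HTML email body automatically. The following Python example is added here and is not part of the original paper; the shortener list, the function names and the sample email are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: a small illustrative set of link-shortener hosts, not exhaustive.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl"}
DOMAIN_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)

# Constructed sample email body (reserved example domains only).
SAMPLE = """<p>Your account is locked. Act now:</p>
<a href="http://login.example.net/verify">https://www.examplebank.example/login</a>
<a href="https://bit.ly/EXAMPLE">Claim your free download</a>
<a href="https://www.example.com/help">www.example.com</a>"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a href=...> element."""
    def __init__(self):
        super().__init__()
        self.links, self.href, self.text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.links.append((self.href, "".join(self.text).strip()))
            self.href = None

def check_links(html_body):
    """Return [(href, [reasons])] for links that deserve a second look."""
    parser = LinkCollector()
    parser.feed(html_body)
    parser.close()
    findings = []
    for href, text in parser.links:
        url = urlparse(href)
        if url.scheme not in ("http", "https"):
            continue  # mailto:, tel: and similar are out of scope here
        host = (url.hostname or "").lower().removeprefix("www.")
        reasons = ["not-https"] if url.scheme == "http" else []
        if host in SHORTENERS:
            reasons.append("link-shortener")  # real destination is hidden
        shown = DOMAIN_RE.search(text)
        if shown:  # visible text names a domain: compare it with the real host
            shown_host = shown.group(1).lower().removeprefix("www.")
            if host != shown_host and not host.endswith("." + shown_host):
                reasons.append("text-host-mismatch")
        if reasons:
            findings.append((href, reasons))
    return findings
```

A link that passes these checks is not proven safe: https shows only that the connection is encrypted, not who operates the site.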
Key Organizations Which Can Help in Case of Online Fraud
One of the best organizations to contact is the FBI Internet Crime Complaint Center (FBI, n.d.) along with the United States Secret Service or other “appropriate law enforcement investigative authorities at the local, state, federal, or international levels, depending on the scope of the crime” (Department of Justice, 2015).
- Bisson, D. Tripwire. “The State of Security.” Web. 23 March, 2015. https://www.tripwire.com/state-of-security/security-awareness/5-social-engineering-attacks-to-watch-out-for/. Accessed 27 Jan, 2017.
- Department of Justice. “Reporting Computer, Internet-related or Intellectual Property Crime.” Web. 14 Dec. 2015. https://www.justice.gov/criminal-ccips/reporting-computer-internet-related-or-intellectual-property-crime. Accessed 27 Jan, 2017.
- Finra. “Phishing and Other Online Identity Theft Scams: Don’t Take the Bait.” Web. 29 Feb, 2012. http://www.finra.org/investors/alerts/phishing-and-other-onlineidentity-theft-scams-dont-take-bait. Accessed 27 Jan, 2017.
- FBI. “File a Complaint.” Web. N.d. https://www.ic3.gov/complaint/default.aspx. Accessed 27 Jan, 2017.
- Lord, N. “What is Social Engineering? Defining and Avoiding Common Social Engineering Threats.” Digital Guardian. Web. 26 Jan, 2017. https://digitalguardian.com/blog/what-social-engineering-defining-and-avoiding-common-social-engineering-threats. Accessed 27 Jan, 2017.