Avoiding Social Engineering
Episode ID S3E01
June 20, 2023
Social engineering is essentially a con game where a criminal tries to trick a victim into doing something, or sharing private information that the criminal can then use to their advantage. This can happen in person, on the phone or via email. Tune in to learn how to identify these types of cyberattacks and how to avoid becoming a victim of fraud.
Hello, this is CoBank’s Fraud Wise, helping you avoid becoming a victim of fraud.
Billions of emails are sent and received every single day, which also means, unfortunately, some of them might be attempts to commit fraud – this occurs through various forms of email impersonation, which is a form of social engineering.
Social engineering is essentially a con game where a criminal tries to trick you into doing something, or sharing private information that they can use to their advantage. This can happen in person, on the phone, via text or via email.
There are many ways that criminals can create emails that look like they come from trustworthy sources. They may use a fake domain name that closely mimics a legitimate domain, called Spoofing. At first glance, it can be hard to notice the discrepancy, and criminals are using new and changing tactics every day, which can make it nearly impossible to detect a difference.
Another approach is to use phishing techniques to trick you into clicking a link that will install malware on your computer. If malware is installed, criminals can gain access to your account to either directly access your bank account or use your email address to steal your funds through additional social engineering methods. Examples of these methods include sending an email to a customer requesting payment to a new bank account, emailing the list of contacts on the email account and requesting a donation for a “health” emergency or combing through the email contents for private and financial information for their benefit.
So what can you do to protect yourself against a fraud attack? You need to put your guard up and be a little less trusting. If something feels off – even if the email address and domain seem legitimate, still consider whether the email message itself seems questionable. Pay attention to the tone of the email. For example, does the language and format of the message sound like the sender? Is there an unusual sense of urgency or secrecy? If anything seems strange, it’s always better to confirm the request with a phone call you initiate and to a phone number you have verified yourself – not one that’s provided in the original email message.
Stay very aware and follow your gut – if something seems off, it’s better to err on the side of caution and confirm the request. Some public email providers will send suspicious log-in alerts to an alternate email address. If you receive one of these alerts, take it seriously. Contact the provider and change your password immediately.
And finally, always opt for two-factor authentication when it’s offered by any internet service …it’s an extra step, but better safe than hacked.
This has been CoBank Fraud Wise, helping you protect against fraud.