Protecting yourself in the digital age
Social engineering takes many forms. Anyone who spends time online, communicates via e-mail, or answers their phone may be targeted through social engineering and fall victim to cybercriminals.
Protect yourself by understanding more about social engineering and how it may be used against you. Knowing what to look for and what to do if it happens can help you reduce the chances of having someone steal your personal or employer data, cash and assets from your financial accounts, and more.
Playing on hopes or fears, criminals will use e-mail to cast a wide net to gather personal data from unsuspecting targets. This is known as phishing. In contrast, spear phishing happens when a specific user’s personal details are used to target him or her directly.
Look for new messages
Look for inquiries asking for personal data, like your anniversary, the name of your favorite pet, or your children’s birthdays. These inquiries may look friendly (e.g., “Let us help you celebrate!”), while in reality the criminal may already have some information on you and wants to know more to narrow down account access information.
These inquiries may come via e-mail (phishing) or via phone calls (known as vishing).
Never provide sensitive information via e-mail or to someone who calls you directly, including:
Phishing e-mails from cybercriminals purposefully look like e-mails from companies or individuals you regularly interact with. They can take many forms, including that of a missed delivery attempt message from an online retailer where you shop, or from a delivery service such as the U.S. Postal Service. Cybercriminals often use subtle tactics to make their e-mails appear to come from a trusted source when, in reality, they do not. Examples include using a “1” instead of a lower case “l” in the return e-mail address, or adding a word in the e-mail address or return links.
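The two address tricks described above can be checked mechanically. The following is an added example, not part of the original page: it compares a sender against a list of trusted domains and goes slightly beyond the "1" for "l" case by also treating "0"/"o" and "5"/"s" as look-alikes. The domains and the look-alike table are constructed for illustration.

```python
from email.utils import parseaddr

# Constructed allow-list of domains the recipient really deals with.
TRUSTED = {"hillbank.example", "parcelpost.example"}

# Small, assumed table of look-alike characters; the page names "1" for "l".
CONFUSABLE = str.maketrans({"1": "l", "0": "o", "5": "s"})


def sender_domain(from_header):
    """Return the lower-cased domain of the address in a From: header."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower()


def check_sender(from_header, trusted=TRUSTED):
    """Classify a sender as 'trusted', 'unknown', or a look-alike finding."""
    domain = sender_domain(from_header)
    # Exact match, or a genuine subdomain of a trusted domain.
    if any(domain == t or domain.endswith("." + t) for t in trusted):
        return "trusted"
    normalized = domain.translate(CONFUSABLE)
    for good in sorted(trusted):
        # Trick 1: swapped characters, e.g. "1" in place of "l".
        if normalized == good.translate(CONFUSABLE):
            return f"lookalike of {good}: substituted characters"
        # Trick 2: an extra word added around the real name.
        brand = good.split(".")[0].translate(CONFUSABLE)
        if brand in normalized:
            return f"lookalike of {good}: added word"
    return "unknown"


if __name__ == "__main__":
    # Constructed From: headers covering each outcome.
    for header in (
        "Hill Bank <alerts@hi11bank.example>",
        "support@hillbank-alerts.example",
        "news@mail.hillbank.example",
        "friend@weather.example",
    ):
        print(f"{header:40} -> {check_sender(header)}")
```

A "trusted" result only means the domain text matches; it says nothing about whether the From: header itself was forged.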
Criminals entice users to download a malicious file disguised as a legitimate, harmless attachment, like invoices, receipts or other documents.
Users are enticed to click on hyperlinks, taking them to a site where malware is downloaded, or the victim may be asked to provide sensitive information via an online form.
Be aware of any form of unsolicited contact, and don't be coerced by fear, hope, or urgency.
Don't give personal information or make a payment to anyone who calls you.
Be careful of what you post about your family information, locations, travel plans, etc. on social media and neighborhood
Don't trust an unusual sense of urgency. Tactics such as: "Account Locked," "Package Was Undeliverable," or "Security Alert, Fraudulent Activity" should be a
Double-check the e-mail address to verify that the message is from a legitimate sender. Think about whether this is an e-mail they would typically send you.
Check to see if the grammar and language fit the supposed sender.
Do not click on any link unless you are certain it is legitimate. Hyperlinks can be "spoofed".
Hover your mouse over a hyperlink to see where the link actually takes you.
Never open an attachment from an unknown source.
Never give your personal information to unsolicited callers no matter how much
When in doubt, call them back at the phone number on your account statement – not at a number provided by the caller.
Be aware that computerized voices leaving messages regarding legal action against you are never real.
Do not let callers take control of your computer to "fix" a
Don't trust your caller ID – it can be spoofed.