
Social engineering: Learn how to be safe, not sorry

Social engineering is a term used to describe a broad range of manipulative behaviours used to trick you into revealing personal or confidential information. Social engineers use human psychology rather than technical hacking expertise to access your personal or professional systems, data, and network.
  

Social engineers target human behaviour

The more you know, the better you can protect yourself, your information, and your privacy. Social engineers do their homework by researching and monitoring the social media and online activity of individuals and companies. They're looking for personal information such as your interests, hobbies, memberships, and associations that can assist in creating a connection or uncover a weakness they can exploit. 
 
Whether by phone, email, text, or in-person, social engineering fraud attacks can come in many forms, but ultimately, they all have a single goal — to separate you from your money.
 
Be prepared, not scared, and remember:

  • Never select links within emails or accept a gift in exchange for information

  • Think twice before responding to an urgent request

  • Be discerning in what you read online and on social media

  • Watch for signs of social isolation in family and friends

  • Enable and use additional security software on your computer

  • Don’t browse on dangerous sites that could infect your computer

  • Don’t let fear or intimidation lead to impulsive behaviour

  • Don’t reuse passwords or select easy security questions

  • Think before you share personal information on social media

  • Don’t use public Wi-Fi to do personal business

 

Curiosity

Curiosity can be a wonderful quality related to inquisitive thinking, investigation, or a thirst for learning. When it comes to online behaviour, curiosity without caution opens the door to fraud, particularly if the victim believes they will receive something in return for responding or clicking a link. Whether through social media platforms such as Facebook, Instagram, Snapchat or via email, responding to requests from strangers can be dangerous.
 
What can you do? Don't ever select links within emails or provide information in exchange for a "gift," as these often link to unsecured or spoofed sites that look real but are not. Responding to information requests through social media platforms can open you up to identity fraud, romance scams, online job scams, or even extortion.
 

Urgency

Social engineering relies on creating a sense of urgency in the hope you will leap before you look. Social engineers use different tactics to elicit a quick response through time-limited deadlines or special offers, gifts for responding to a survey, or creating a financial or personal emergency that requires you to react immediately. The emotional impact is so strong that people focus on the urgency and ignore other elements of a social engineering attack, such as spelling, grammar and the source of the email.
 
What can you do? Slow down and look for signs of social engineering. If you are unsure, always err on the side of caution. Delete emails from people or organizations you don't know. Shut the door on those who canvass neighbourhoods, and hang up, or use call display to monitor whether to pick up your phone.
 

FOMO (Fear of missing out)

Social anxiety has increased with the use of social media, creating a fear that you may be missing out while others are having more fun and leading better lives than you. Social engineers prey on negative emotions and distractions from social anxiety that lead to compulsive and impulsive behaviour.
 
What can you do? Take a break from social media. Slow down and focus on enjoying the things you're doing. Be mindful and present in your own life. Practice being more discerning in what you read and determine whether this information is essential or simply noise that doesn’t contribute to the quality of your life. 
 

Loneliness

Many of us can feel lonely at some point in our lives. For others, loneliness can lead to social isolation. Social engineers target those who may be isolated, such as seniors.  In exchange for personal information, fraudsters offer prizes, free services, or “quick” financial returns. They want to forge an emotional connection and create a relationship based on earning your confidence. Once they achieve a position of trust, the door to fraud is open. 
 
What can you do? Social isolation has increased, and along with it, fraud. Physical distancing effectively avoids COVID-19, but if you, a family member, or a friend is feeling increasingly isolated, it can have a significant impact on your mental and physical health. Stay connected, reach out to friends and family, and seek advice from your doctor, therapist, or social agency for help connecting to online groups.  
 

Carelessness

Careless internet browsing is a result of bad habits and risky security behaviour. Would you choose to stroll through a dangerous neighbourhood? If not, don't browse in risky online neighbourhoods. Cybercriminals use shocking headlines and images to lure people to their site, knowing they will drop their guard once there. It only takes one careless click to expose your network or infect your computer with malicious software called malware. 
 
What can you do? Protect yourself by enabling or using additional security software on your computer, and think before entering sites you suspect may be unsafe.
 

Fear

Fear is a strong human emotion that can lead to uncharacteristic behaviour. Fear makes you susceptible to manipulation and suggestion. It heightens anxiety and leads to impulsive decisions.  Social engineers count on a strong reaction and use this emotion to manipulate people into reacting before considering the consequences. 
 
What can you do? Slow down and think it out. Social engineers count on a knee-jerk, spontaneous response. Before you react, think about who is sending the email and why. It's worth taking the time to ask questions, do your research, or call the organization directly. Remember, financial and government institutions never call or use email to threaten you or demand money.  
 

Respect for authority 

We are all raised to have a healthy respect for authority and to respond to inquiries when contacted by someone in a position of power. When you receive an email from the CEO of your company or the Canada Revenue Agency — you take notice. Social engineers rely on this when they request personal information, solicit donations, or ask you to purchase gift cards.
 
What can you do? Respect for authority is good but you don’t have to follow it blindly. Go to the source directly to confirm the request is real. Check with your manager or call the Canada Revenue Agency directly.
 

Reusing passwords 

We use passwords to access almost everything in today's world, from online banking and credit cards to streaming networks and your online newspaper subscription. Cybercriminals count on people reusing the same password across multiple programs. A similar risk is selecting security questions from a list that may be easy for others to guess: the answers to questions such as "In which city were you born?" or "What high school did you attend?" can easily be researched online or through social media.
 
What can you do? Even though inconvenient and sometimes hard to remember, it is highly recommended to use different passwords across your accounts to prevent easy access. Use phrases, family sayings, or song lyrics that can be easy for you to remember and harder for others to guess. If you choose to keep a list of your passwords, do not save this list on your computer, or print it out and tape it to your monitor. Find a secure place like a lockbox or a file cabinet to hide your list.  When selecting or creating security questions, choose ones that are impossible to guess.
 

Oversharing

Posting personal information on social media can be a great way to keep in touch with family and friends. Still, oversharing personal details can pose a risk to your safety. For hackers, thieves, and others, a big digital footprint provides lots of information that can be used to harm your financial, working, or personal life. Oversharing information can also come back to haunt you later, such as in a job interview, or a court of law.  
 
What can you do? Ensure you enable your privacy settings when on social media, and limit access to your personal information to close friends or family. Before you post, consider the possible consequences of sharing personal information on any public platform for your safety and the safety of those close to you.
 

Using public hotspots

You take a break from a busy day to grab a coffee and sit down. You begin browsing through your email using the free Wi-Fi provided. Free public Wi-Fi is a friendly service to offer your customers, but remember public hotspots are not secure. If your phone is set to "auto-join," you could unwittingly provide private information to strangers. It might be convenient, but connecting using unknown sources, such as Wi-Fi or Bluetooth in public spaces, or downloading files from an unknown device is risky. Someone could access your private login details while you are connected. 
 
What can you do?  Use your mobile data network, which has built-in security, and never conduct online banking over a public Wi-Fi network.
 