All Points Mobile Shredding Blog
What is a Social Engineering attack?
How NOT to become a victim
Today, there are all kinds of scams and fraudulent activities that hackers use to gain your personal information and steal your identity. Social Engineering is a method thieves use to manipulate people and trick them into giving out their confidential data like passwords, account numbers and more. This type of crime is often done in person, on the phone or via email and the thief will try to gain your confidence by convincing you they are on the up and up—either by wearing a uniform and carrying a clipboard, posing as someone that you would not suspect or by calling you and identifying themselves as a co-worker from another department or someone who knows people that you also know. Although you may think that you wouldn’t fall for such a scheme, many people do everyday. Here’s more about social engineering and what to look out for:
Types of social engineering
There are several ways social engineer hackers attempt to get your information including:
In this instance, the hacker plants something as bait and then waits for the victim to take it. An example of this would be leaving a USB stick in a place where it is likely to be found and picked up. The stick has been preloaded with malware and will immediately infect the first computer that it’s inserted into. USB sticks labeled “payroll”, “bonuses” or “confidential” are often intriguing enough that a person who finds it lying around will pick it up and proceed to see what it contains.
If you’ve heard of phishing—which is a scam attempt usually made via email, to steal your log in information, password or other personal data, vishing is a version of this, only the crook will try to hook you via phone. This type of social engineering involves the scammer calling you on the phone and posing as someone you may trust—like a co-worker or an IT person. The caller will identify themselves, then proceed to ask for log in credentials or other information in order to fix a problem or provide updates to your system, etc.
Pretexting is another form of social engineering that includes the scammer using a false pretext to gain the trust of their victim. In this case, the thief will create a scenario, then ask for personal information in order to remedy the situation. For example, you may receive a text that appears to be from your bank stating that there’s been fraudulent activity on your account. The text includes a link for you to click on and log in. When you do this, you’re actually logging into a false site where the hacker can now steal your username and password—and gain access to your account.
Email hacking and contact spamming
If you received an email from a friend and the subject line was something like, “Check this out” or “Want to go to this concert with me”? You’d open it, right? Hackers using email scams count on that fact that you will. They design emails to look legit, even using names that you recognize to entice you to open them. Once you do, your contacts belong to them and they can spam them gaining access to their email and their data.
How to avoid being a victim
The first step to protecting yourself against social engineering is to be aware. Next, follow these tips:
Slow down & think
Social engineers depend on their victims reacting fast and not taking the time to really think about what they’re facing. So whether it’s an email that looks like it’s from someone you know or a text from your bank, stop before you do anything. Don’t click on any links and follow up with whoever the message is from to find out if they really did reach out.
A random USB stick laying around is fishy—no matter what. Especially one that’s labeled as if it’s confidential or contains valuable information. Resist the urge to pick it up and never insert a UBS stick into your computer without knowing where it came from.
It seems like everyday more and more ways to scam and steal are being discovered. To combat ID theft, be sure you’re staying on top of the latest schemes. Sadly, as long as the opportunity to trick and manipulate people exists, the unscrupulous will use it to their advantage. Remember to follow these tips on preventing social engineers from gaining your trust—and also to shred all outdated papers and personal documents, this includes junk mail that has your name and address on it.
Talk to us at All Points Mobile Shredding to find out about our full-service onsite shedding. Our mobile shredding trucks will come to your home or office and will shred all your documents right in front of you. We also provide you with a certificate of destruction for added peace of mind.