4 signs you’re being socially engineered by scammers

When people think of hackers or scammers, the picture that comes to mind is a man wearing a black hoodie in a dark room, frantically typing green code on a black screen as they “hack into the mainframe”. Real movie stuff.

Daniel Croft
Fri, 27 Dec 2024

However, it’s often not the mainframe that these threat actors are “hacking”; it’s you.

Social engineering plays a large part in most cyber attacks and is the basis of most scams, and it involves persuading you to do something that results in handing over your information.

These scammers will often pose as legitimate businesses, particularly ones you may be a customer of, and will act like they are on your side.

Here are some signs that you may be a victim of social engineering.

They ask you for login details

Posing as a legitimate organisation, these threat actors may claim that something has happened to your account, such as your password being compromised.

They may also pretend to offer you deals or bonuses that seem too good to be true (a major red flag).

Regardless of their reasoning, they may ask for your account details to action their offer. This could be over the phone or via email as a direct request, which they will claim they need to fix issues with your account or grant the deal they are offering.

However, they will likely collect this data, use it to breach or steal your account, or use it for other attacks in the hope you use the same credentials for other services.

Never provide login details directly. No legitimate business will ask for your password or credentials. They may, however, ask for usernames, email addresses, and other identifiers to confirm your identity.

They ask you to click on a link

We have all heard the dangers of clicking on links from unknown parties in emails. Like above, scammers often pose as legitimate businesses and provide a link that they say will take you to a website or can be used to redeem some sort of reward.

These links often lead users to what appears to be a legitimate login site that prompts them to enter credentials. Once again, these credentials will be collected and used nefariously.

The links may also lead to downloads of malicious software, which can infiltrate victim systems to exfiltrate data, monitor activity, or disable systems to hold them for ransom or other purposes.

Recipients of suspicious links, particularly from unknown sources who offer things that seem too good to be true, should remain vigilant and look for abnormalities in URLs and email addresses. If a potential scammer asks you to click on a link, verify it against real URLs. Spelling and grammatical errors are also signs that an email may be illegitimate.
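
The URL check described above can be done mechanically. The following is an added example, not part of the original article; `check_link` is a hypothetical helper, and the domains in `TRUSTED` and all sample links are constructed placeholders.

```python
from urllib.parse import urlsplit

# Constructed allow-list (assumption): the real domains you already deal with.
TRUSTED = ("mybank.example", "parcelpost.example")

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot one- or two-character typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(url: str, trusted=TRUSTED) -> tuple[str, str]:
    """Return (verdict, reason); verdict is 'match', 'suspicious' or 'unknown'."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return "suspicious", "no hostname in link"
    # In https://name@host/ the part before '@' is a username, not the site.
    if parts.username is not None:
        return "suspicious", f"text before '@' is a decoy; real host is {host}"
    # Internationalised names can imitate Latin letters with other scripts.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return "suspicious", "internationalised hostname may imitate a real one"
    # Genuine: the host is the trusted domain itself or one of its subdomains.
    for good in trusted:
        if host == good or host.endswith("." + good):
            return "match", f"host belongs to {good}"
    for good in trusted:
        # Trusted name used as a prefix or label of somebody else's domain.
        if good in host:
            return "suspicious", f"{good} appears inside a different domain"
        # Compare the last labels of the host with the trusted domain.
        tail = ".".join(host.split(".")[-len(good.split(".")):])
        if edit_distance(tail, good) <= 2:
            return "suspicious", f"{tail} is a near-miss of {good}"
    return "unknown", "not on the trusted list; verify through a known channel"

if __name__ == "__main__":
    for link in ("https://www.mybank.example/login",
                 "https://mybank.example@login-check.test/",
                 "https://mybamk.example/reset"):
        print(link, "->", check_link(link))
```

An "unknown" verdict is not a clean bill of health; it only means the link does not resemble a domain on the list.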

They stress urgency

Scammers don’t want to give you time to think, because you might figure out their scam. To prevent this, they will stress urgency, potentially speaking aggressively to cloud your judgement and deny you the time to sit back and think things through.

The scammer will create a situation that needs to be dealt with immediately, such as the account breach or special deals mentioned above. This gives the victim no time to discuss the issue with experts or other staff if a business email or number has been contacted.

Victims should persist and take the time to collect themselves, analyse the communications, and speak with others.

They make a strange request

Some scammers may be confident enough to request money directly, promising to invest it in return for a larger amount of money or to fix the problem they say you have.

How would you react if your managing director, supervisor, co-worker, or client asked for a direct bank transfer, or worse, asked you to buy copious amounts of Apple vouchers and send them the code? It would be strange, right? This is what is known as a business email compromise (BEC) attack.

If this is the case, and you’re unsure, speak to the person directly, over the phone, or in person where you can verify it’s really them. Even if the email address is legitimate, you don’t know whether or not the email address has been compromised.

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding of and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.