Last month, in Part 1 of Identity Theft and Why Passwords Matter, we took a harsh look at the importance of a strong password. We learned about the vulnerability associated with connected online accounts and a common practice known as “Daisy Chaining.”
We also discussed the REAL story and identity risks behind all those fun, “get to know me” lists, online quizzes, and personality tests.
If you have not yet read last month’s post, have a look. CLICK HERE
This month, we look at additional ways we’re all at risk and learn to better protect your identity in the Digital Age.
Social Engineering Attacks Lead to Identity Theft
Are you familiar with the term “Social Engineering Attack” as related to electronic security? If not, here you go. “Social Engineering Attack” is a fancy phrase for schemes in which those who traffic in illegal data mining gain access through human interaction and involvement. Simply put, criminals come up with ingenious, highly interactive and personal ways to trick folks into letting down their guard. They count on the fact that they can get you to bypass your normal, “best practice” security procedures.
A Social Engineering Attack is carefully crafted to catch you off guard and to play on your emotions. It often involves a sense of urgency and is, by nature, manipulative. These attacks are specifically DESIGNED ploys based on typical human reactions. They are engineered based on social trends, habits, or tendencies.
You may recognize words like tailgating, phishing, or baiting. These attacks can take different forms – we’ll look at a few, help you see what is at risk, and show you what you can do.
Avoid Social Engineering Attacks via Email
PHISHING scams are a type of Social Engineering Attack. They often occur via email and are the most common type. Your “Spidey Sense” should kick in when you see any of the following:
- Emails from suspicious email addresses that include URLs you don’t recognize
- Emails from an email address outside the US
- Overly simple email subject lines or minimal content in the body that includes a hyperlink
- “Urgent” emails from the IRS, your bank, or a credit card company
- A request that plays on your emotions, fears, or presents a finite deadline as a way to focus your attention and create urgency
- Emails asking you to login to the IRS, your bank, or a credit card company
- Emails regarding warranties, domain registration, email hacking problems, etc.
- Requests for personal information
- Free anything!
- Emails from a friend, by name, requesting help getting out of an urgent predicament
- Emails regarding lottery winnings or big payouts
- Poor grammar, incorrect spelling, and typos
How to Keep Safe
Phishing via Email, Phone and Text
Let’s start with the obvious – do NOT click links in emails UNLESS you personally know the sender and recognize the email address or phone number. LOOK CAREFULLY at the email address or number! Your eyes may trick you.
Suzy@ABCcompany.com and Suzy@ABCompany.com look VERY similar!
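A near-identical address like the one above can also be caught mechanically. The Python below is an added example, not part of the original post: it compares a sender's domain against the domains of people you already correspond with and flags any that are only a character or two off. The names KNOWN_CONTACTS and classify_sender and the threshold of two edits are assumptions chosen for illustration.

```python
# Added example: spot a sender whose domain is a near miss of one you trust.
# KNOWN_CONTACTS is constructed sample data based on the address in the post.
KNOWN_CONTACTS = {"suzy@abccompany.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: fewest single-character edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # drop a character
                           cur[j - 1] + 1,              # add a character
                           prev[j - 1] + (ca != cb)))   # swap a character
        prev = cur
    return prev[-1]


def classify_sender(address, known=KNOWN_CONTACTS, max_distance=2):
    """Return 'known', 'lookalike of <domain>' or 'unknown' for an address."""
    addr = address.strip().lower()
    if addr.count("@") != 1:
        return "unknown"
    if addr in known:
        return "known"
    domain = addr.split("@")[1]
    trusted_domains = sorted({k.split("@")[1] for k in known})
    if domain in trusted_domains:
        return "unknown"  # right domain, but not a person you correspond with
    for trusted in trusted_domains:
        # A different domain within a couple of edits is the classic lookalike.
        if edit_distance(domain, trusted) <= max_distance:
            return f"lookalike of {trusted}"
    return "unknown"


if __name__ == "__main__":
    for sender in ("Suzy@ABCcompany.com", "Suzy@ABCompany.com", "bob@example.org"):
        print(sender, "->", classify_sender(sender))
```

A "lookalike" result is a reason to stop and verify through another channel; an "unknown" result only means the address is not on your list.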
Resist the Urge to Click – If an email or text comes from someone you do not know or is part of a mass text, email or forwarded email – resist the urge to click on the link!
Slow Down – Time is your friend. Really think things through. Assume it IS a scam and look for evidence that it IS indeed one.
Online Search – Do a quick online search for clusters of words used in the Subject Line or Body of the email or text. Add the word “scam” to your search. EXAMPLES: IRS scam, home warranty scams, your help urgently needed scam, free gift card “(business name)” scam, etc.
Call First – Reject requests for help that come via email. If something comes from a friend – CALL them in the way you normally would to see if it is legit! We have a series of posts that goes into this in depth. If you have the time, it is a CRAZY true tale that hit VERY close to home! CLICK HERE
Hang Up – Reject urgent, time-sensitive requests for help that come via phone or text. Just hang up. Do NOT say anything. Your voice is likely being recorded. Words spoken in your own voice including yes, no, your name, address, etc. are very valuable pieces to a sham identity and will be used against you. SAY NOTHING and hang up.
Ask for Their Number – In the event of a call that you just cannot shake or rule out as real, always request a number you can use to call them back. Scammers often have numbers where you can call them back; however, you can do an online look-up of the number and even save it for the police if it comes to that.
Stay Mum – Never give a password or social security number to someone who has contacted you – the IRS, a credit card company, bank, etc. Instead, get THEIR number, the name of their company and get off the phone.
Nice People Get Hacked – Resist any impulse to “be nice” and get off the phone!
Be Suspicious – If it is a company with whom you do business, contact the company through the phone number and channels YOU would use on a random day of the week. Do NOT use the info the caller gave you. Instead, give that info to the fraud department at the company you KNOW is real. If it is not a company you recognize, do an online search for the info they gave you and “scam.” See what comes up.
Be Careful with Electronic Transmissions – Do not electronically transmit sensitive information like account numbers, credit card info and passwords via email, text or a fax machine you do not fully trust. Remember, emails get hacked, phones get stolen and fax machines scan and store images of the pages you send!
Timing is Everything – Be VERY wary of urgent, fear-based calls in the early morning or late at night – especially ones from the IRS.
My advice still stands: MAKE IT HARD FOR THEM to fill in the gaps in your digital doppelganger. Be Swiss Cheese and leave plenty of holes!
Coming Up in this Series
In Part 3 of this series about Identity Theft and Why Passwords Matter, I lead off with something you really MUST know. And no, I promise, this is not a “click bait” ruse to get you to keep reading. Just read the section: Guard Your “Yes” – It is a Gold Mine
In Part 3, we also get into pretexting, baiting and other types of Social Engineering Attacks used in identity theft. CLICK TO READ – Part 3
This blog contains general information and is not meant to apply to a specific situation. Please seek advice of counsel before proceeding as each case is unique.