Social Engineering 101Part 1
Most professionals in the technology industry will tell you that the weakest link in any security chain is the users, and especially those who are too trusting when it comes to their cybersecurity protocols.
Social Engineering, SE, is the use of deception to manipulate individuals into divulging confidential information that they can use for fraudulent purposes. Hackers or phishers use SE to try to gain access to your systems or network instead of trying to hack into your software.
The most common type of SE is Malicious Emails. We’re going to explain the basics of Malicious Emails to you today so that you can be aware if something like this happens to you. Hopefully, if you know the signs of phishing and scams and you know what to do, it will stop the chain reaction before it does damage to your online environment.
Click on the titles below to learn how to identify the various elements of a Malicious Email:
Is this email safe?
Email Phishing Scams - ExamplesPart 1
Daniel from accounting needs your bank information…
Your friend you saw last night is stuck in Cuba with a broken leg…
Your package delivery failed, please click here…
I need a wire transfer…
The prince of Nigeria needs your help.…
Are you in the office this morning?
Here’s a document for you, click here…
Urgent action required! Click here!
Your account will be closed!
Your account has been compromised!
Not all phishing attempts are obvious, some are pretty smart and difficult to identify. They all follow the same formula; the hackers will try and trick you into giving them money, information, or access to your computer.
The Sender - They often aren't who you think they are.
Are they asking for something unexpected?
Are they asking for personal information?
Do they sound normal?
Is their punctuation, spelling and, grammar very poor?
The Sender - Beware of impersonations.
Some phishers will also use names and information from other people in your organization, like email@example.com to help them gain your trust and trick you into thinking they’re someone you know.
Attachments - Always be suspicious
If you are not expecting a file, even if you think you trust the sender, don’t open it. It could be malware or some kind of virus that can harm or take over your computer.
Sometimes malware is designed to get you to input your personal information, like passwords, security answers, or banking information into it so the phishers can steal it. Always be suspicious of filling out unverified attachments.
When opening an attachment, even one from a supposedly trusted sender, being aware of the file extension (the abbreviation after the period in a document’s name) can help keep your computer safe from hackers. If someone tries to gain access to your account through an email attachment, it’s often through an executable file, which can allow them access once you open the attachment.
The file extensions on the right are all executable and therefore unsafe files to open. If you ever receive one, there’s a strong chance it’s going to be malware.
Report your suspicions to your IT team so they can help keep your, and all of your contacts’, systems safe from viruses.
Risky Attachment File Extensions
Links - Where are they actually sending you?
If you hover your cursor over a link without clicking it a box will appear that shows you the destination of that link. If you don’t recognize the final destination, it’s probably a scam.
Redirects are when a link seems legit but instead of taking you where it should, it redirects you to a scam page without you knowing.
Summary - The 4 easy steps to identifying a malicious email.
Phishers are smart; they’ll try and trick you into believing they are who they say.
IDENTIFY THE SENDER
Some phishers will also use names and information from other people in your organization
DON’T TRUST ATTACHMENTS or LINKS
If you are not expecting a file, even if you think you trust the sender, don’t open it or click on it. It could be malware or some virus that can harm or take over your computer.
Report your suspicions’ to your IT team so they can let help keep your information and systems safe from viruses and intruders.