Social engineering refers to the manipulation of people into performing actions to divulge confidential information. Two of the most common forms of social engineering are phishing and spear phishing.
Phishing & Spear Phishing
Phishing attacks use social engineering to lure people into clicking links in malicious emails, websites or ads. They use this technique to accumulate personal and/or financial information or infect your device with malware and viruses. Spear Phishing involves specifically targeted attacks, usually on small groups of targets, to collect specific information or gain access to systems. The attacker may also use more cunning social engineering techniques such as stating there is an important technical update needed, new lower pricing on a product, or free service to lure people in.
Avoid Becoming a Victim
Phishing, malware, and other scams aren’t limited to just emails, websites, or ads. They’re also widespread on mobile devices and social networking sites.
If you are hesitant about whether an email is legitimate, take steps to verify its legitimacy. Contact the company directly using the information provided on any account statement, not information provided in an email.
Analyze the link’s URL. Malicious links and sites often look identical to a legitimate one, but the URL often varies in spelling or uses a different domain such as .com instead of .org.
When in doubt, throw it out. This rule applies to everything from emails to ads, status updates, and any other types of posts.
Before sending or entering non-public or sensitive information online, check the security of the website.
Keep devices up to date. Keep the software on all devices, including but not limited to PCs, smartphones, and tablets, up to date to decrease the risk of infection.