Social engineering: do you know how to protect against online manipulation?

Social engineering might be a term you’ve heard of before but what is it exactly and why does it matter? In short, it’s a tactic used by malicious individuals to manipulate and deceive people into revealing sensitive information or compromising their security - and unfortunately, it’s happening more frequently in our hyper-connected world.

Cybercriminals use various methods and psychological manipulation techniques to deceive individuals with the ultimate goal of gaining unauthorized access to personal information. Unlike other broadly targeted scams, social engineering attacks are often personalized, with fraudsters doing their homework first. That is, they invest time and energy into learning about their targets, scouring social media and other information that might be available online, all with the goal of creating convincing and relevant messages that make it more likely for their targets to fall victim. To protect yourself from getting tricked by online social engineering schemes, it is important to be aware of the tactics used by cybercriminals and follow some key tips.

Here are some examples of online social engineering:

Phishing: Fraudsters send deceptive emails or messages that appear to be from legitimate sources, such as government agencies, financial institutions, popular online services or even family members or friends. These messages often request personal information, such as passwords or credit card details, or in the case of messages that appear to be from family or friends, the sender will share a fabricated story (e.g. in legal trouble or in an accident of some sort) and request help in the form of money.

Impersonation on social media: Cybercriminals create fake profiles or impersonate someone you know to gain your trust. They’ll even steal your friend’s images from their social media profiles, and then use the image(s) to make their fake account more believable.

Fake websites or online forms: Cybercriminals create websites that mimic legitimate ones, such as banking or shopping websites, to trick users into entering their login credentials or credit card information.

Avoiding online social engineering scams

Social engineering schemes are getting increasingly sophisticated and fraudsters are upping their game when it comes to manipulating and deceiving people. Below are some tips that can help you avoid falling victim:

Be cautious of unsolicited requests: Whether it's an email, message, or phone call, be skeptical of any unsolicited requests for personal information or money. Always verify the authenticity of the sender before taking any action.

Think before you click: Avoid clicking on suspicious links or downloading files from unknown sources. Hover over links to check the URL before clicking on them, and be wary of unsolicited emails or messages with grammatical errors or unusual requests.

Keep your software up to date: Regularly update your operating system, web browsers, and antivirus software to ensure you have the latest security patches and protection against known vulnerabilities.

Use strong and unique passwords: Create strong passwords that include a combination of letters, numbers, and special characters. Avoid using the same password for multiple accounts, as this can make it easier for cybercriminals to gain access to multiple accounts if one password is compromised.

Enable two-factor authentication: Two-factor authentication adds an extra layer of security by requiring a second form of verification, such as a code sent to your phone, in addition to your password. Enable this feature whenever possible to protect your accounts.

Be cautious on social media: Be mindful of the information you share on social media platforms and regularly review your privacy settings. Avoid accepting friend requests from unknown individuals and be cautious of sharing personal information publicly. Be skeptical if you’re already ‘friends’ with someone and receive another friend request from them; it might actually be coming from a scammer who has created a fake account and is pretending to be someone you know.

Educate yourself and your family: Stay informed about the latest social engineering techniques and educate yourself and your family about the risks.

Most importantly, trust your instincts. If something feels off or too good to be true, it probably is. If you receive a suspicious email or message, do not hesitate to report it to the appropriate authorities or the organization being impersonated.

Did you know you can even report phishing text messages? Forward the text message to 7726 with the word “SPAM” in the body of the message. By reporting such incidents, you not only protect yourself but also help in the fight against cybercrime. Stay vigilant, informed, and safe online by signing up for the TELUS Wise newsletter.