How to spot a phishing scam: 5 Red flags to look out for

Social engineering remains the primary strategy for delivering malicious software, but even when malware isn’t involved at all, criminals employ a wide range of phishing tactics to dupe victims into surrendering their private information. To make matters worse, the scams are becoming cleverer and more brazen, and although no one wants to believe they’d ever fall for the charade, many people still do.

Scammers routinely target business users who have access to high-value information. Small businesses especially are a favorite target, since they are often perceived as being less prepared than larger enterprises. That’s why every business, regardless of its size or scope, needs to provide awareness training to its employees.

Here are some things your team should be on the lookout for:

#1 Fake addresses

A universal tactic among social engineering scammers is that they will masquerade as operatives of legitimate companies or, in the case of targeted scams, as someone the victim knows personally. To build trust and come across as more authentic, they will often use spoofed email or web addresses.

To ensure that a link in an email is genuine, always hover your mouse over the link text without clicking it and look for any misspellings or unusual domain names. You should also double-check any potentially suspicious email by looking at the sender’s address. Be wary of messages from a generic email address, as it may be a fake one.

#2 Fear tactics

Phishing scammers often mimic the tactics of less scrupulous advertisers by building fear or establishing a sense of urgency. Examples include scammers masquerading as officers of the law or operatives from companies claiming that your account has been hacked and that you need to provide personal information to regain access.

These days, most legitimate organizations steer clear of using fear tactics, and you should immediately regard any such email or landing page with suspicion. Look out for commonly spammed trigger words, particularly in email subject lines or webpage titles.

#3 Impersonal communication

The most common scams tend to be generic in nature and are sent out en masse in the hope that a handful of individuals will succumb. Since these scams make no effort to research their targets, they often exhibit a complete lack of personalized communication. Look out for common red flags, such as a generic salutation or the lack of any name in the correspondence.

Note, however, that targeted phishing scams are on the rise. Victims are addressed by name, and more sophisticated scammers clearly demonstrate a deeper knowledge of their targets.

#4 Information collection

Social engineering scams work by manipulating victims into taking desired actions, such as downloading a malicious attachment or unwittingly giving away personal data such as login credentials or payment information.

It's important to keep in mind that no legitimate organization will ever, under any circumstances, ask for things like passwords over any channel, email included.

Things get a little more complicated with phishing sites, which can look genuine. To verify if a website is authentic, you should Google the company to find its official website instead of clicking a link in an email. If the addresses don’t match, then the linked site is fake.

#5 Suspicious downloads

Social engineering attacks often come with things like malicious email attachments or malware hidden in downloads from compromised or spoofed websites. Malware isn’t spread exclusively through executable files either — even a Word document can contain malware.

You should never rely fully on your antivirus software to automatically detect and quarantine malware. Instead, err on the side of caution by never downloading a file if you don’t know exactly what it is. You should never download email attachments you weren’t expecting, even from senders you know. Always verify with the sender first before downloading.

Just as legitimate organizations are leveraging modern technology to improve their operations, cybercriminals are making use of an ever-wider range of tactics and tools to scam their victims. That’s where Quicktech comes in. We take the proactive approach to cybersecurity to help businesses in Richmond, Burnaby, Surrey, and all other cities of Greater Vancouver stay safe. Call us today to learn more.