In honor of National Cyber Security Awareness Month, Stevenson University Online is posting a weekly blog in October to raise awareness about the importance of cyber security.
In our current online environment, access to individuals around the world has never been easier. Through the likes of Twitter, Facebook, and evolving email technologies, strangers are one click away. While it is possible to form various types of relationships through digital means, there is also the potential to leave yourself vulnerable. It is easy to develop a sense of trust with individuals online, especially if they share common interests, but it is always advisable to be wary of sharing details with online acquaintances. There are numerous ways individuals can be subjected to online fraud through social engineering methods such as phishing scams and advance-fee scams.
Webroot.com defines social engineering as, “The art of manipulating people so they give up confidential information.” Once attackers obtain that information, they can collect more personal information and go on to collect the information of those around the victim. Social engineering is successful because it relies on human error, emotions, and faults in human reasoning, rather than on trying to hack into an email or bank account. By establishing a rapport and leading individuals to believe that they are trustworthy, attackers gain access to personal information. Phishing scams and advance-fee scams are just two examples of tools attackers use to manipulate unsuspecting victims through social engineering.
Social engineering attacks are also known as “cons” or confidence attacks. The art of conning has been around for ages, and can take various forms. While this sort of manipulation can be used to gather personal information, it can also be used to acquire valuables such as money and other personal possessions. As technology is constantly improving, new scams and new avenues for performing existing scams are increasing, which heightens the need for maintaining online safety.
Phishing Scams - Hook, Line, and Sinker
There are many online scams that are designed to separate individuals from their money; the most prominent one is known as a phishing scam. Per techtarget.com, phishing is defined as, “A form of fraud in which the attacker tries to learn information such as login credentials or account information by masquerading as a reputable entity or person in email, IM or other communication channels.” Phishing scams can be used to gain bank account details, or passwords to personal accounts such as email and social media. As a result, personal data can be compromised and sold on the black market to individuals seeking to make purchases with stolen bank details, or to impersonate someone else online. Often, phishing scams will take the form of someone acting as a bank official or someone of merit.
One example involves an email scam that impersonates a representative from the Federal Trade Commission (FTC). According to an FTC article, the following is an example of a fraudulent email:
“This notification has been automatically sent to you because we have received a consumer complaint, claiming that your company is violating the CCPA (Consumer Credit Protection Act).
According to our policy, we have initiated a formal investigation before taking legal action. You can download the document containing the complaint and the plaintiff contact information, from…”
This email is meant to be intimidating, and according to the article, bears the official FTC seal and a seemingly official email address. This is a security threat that relies on recognition and reputation, because if individuals receive emails such as these that bear familiar logos and brand markings, they are more apt to feel comfortable sharing information. In addition to a sense of familiarity, emails such as these also evoke a sense of fear, because individuals are told that they are being investigated for breaking the law. In a state of fear, rational thought may be clouded and individuals could be more likely to click on a link contained in the email. The FTC article states that the links within the email likely contain malware which can ruin a computer if they are clicked on. Maintaining awareness and staying vigilant while online helps to combat such scenarios.
This sort of interaction establishes a sense of trust between the scammer and the victim. Phishing attackers will often send emails using official logos, or contact victims in a capacity that appears legitimate. Once the scams are done, victims are forced to go through an arduous process to restore their finances, credit, or identity.
Advance-fee scams, better known as 419 scams, are defined as “a type of scam in which the victim is convinced to advance money to a stranger. In all such scams, the victim is led to expect that a much larger sum of money will be returned to him or her. The victim, of course, never receives any of this money.” This definition from whatismyipaddress.com uses the word “convinced,” which is indicative of the nature of the scam. In order to convince someone to send money, an initial relationship needs to be formed, which scammers often do in a few different ways. Some scammers will give victims a sad story and guilt them into sending money. By establishing rapport and maintaining constant connection, scammers make victims feel more attached to them, which in turn leads victims to continue spending money and trying to help.
How to Stay Secure Online
While there are several scams and dangers in the online world, it is not as scary as it may seem, provided individuals are careful with how they present personal information. Being wary of information that is presented publicly goes a long way in maintaining online safety. In the case of many deals or scams online, it is effective to either ignore them or inquire for more information. Reputable sources or institutions should be able to provide further information and have clear communication. Scammers, on the other hand, will typically skirt around details and refuse to continue further interactions. By limiting the sending of personal information to people you know and trust, these social engineering scams are less likely to be effective. In the case of uncertainty regarding someone’s true identity, there are a few ways to ensure that a source is truly reputable.
Many fraudulent emails come from those impersonating financial institutions or employees of such establishments. An essential factor to be aware of is whether email communications contain typos. Many emails from credible entities will not contain typos, because such emails simply follow a template. In the case of personal communications that do not follow a template, the email address is another indicator. If an email address contains a company name, without typos, it can likely be trusted. For example, if an email address is supposed to contain “@stevenson.edu” but instead contains “@stevensonschool.edu,” it is not a valid email from Stevenson University or a representative of the school. The same method can also be used to identify fraudulent web addresses.
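The sender-address check described above can be automated. The following is an added example, not part of the original post: classify_sender is a hypothetical helper, and the trusted list and sample headers are constructed. It goes slightly beyond the text by also flagging near-miss spellings of the expected name.

```python
from email.utils import parseaddr

TRUSTED = {"stevenson.edu"}  # assumption: the domain used in the article's example

def sender_domain(from_header):
    """Domain of the real address in a From header; the display name is ignored."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower().rstrip(".") if "@" in addr else ""

def edit_distance(a, b):
    """Levenshtein distance, used to catch one- or two-letter misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header, trusted=TRUSTED):
    """Return 'trusted', 'lookalike', 'unknown' or 'invalid' for a From header."""
    domain = sender_domain(from_header)
    if not domain:
        return "invalid"
    # Exact match or a true subdomain (mail.stevenson.edu) of a trusted domain.
    if any(domain == good or domain.endswith("." + good) for good in trusted):
        return "trusted"
    # Otherwise, a label that embeds or nearly spells the trusted name is suspicious.
    for good in trusted:
        brand = good.split(".")[0]
        for label in domain.split("."):
            if brand in label or edit_distance(brand, label) <= 2:
                return "lookalike"
    return "unknown"

# Constructed sample headers, not taken from real mail.
SAMPLES = [
    "Registrar <registrar@stevenson.edu>",
    "Stevenson University <help@stevensonschool.edu>",
    "Stevenson University <help@stevensom.edu>",
    "Stevenson University <help@stevenson.edu.example.net>",
    '"registrar@stevenson.edu" <someone@example.org>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header):10} {header}")
```

The last sample shows why the check reads the address itself: the display name can say anything, including a trusted-looking address.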
In terms of personal relationships, scammers may attempt to impersonate friends by taking pictures from their social media accounts or even hacking into them in order to get personal information from an unsuspecting victim. One way to combat this is to verify any unusual requests via phone call. If a close individual is communicating in a manner that is out of character on social media, it is worth reaching out to them via a method that is secure, such as calling their phone or meeting up in person. Doing so minimizes the amount of personal information sent over the internet, and can protect individuals from having their information stolen.