spam or social engineering
What is spam?
Email spam, also referred to as junk email, is unsolicited messages sent in bulk to many recipients. Spam is typically used for unsolicited advertising products or services. Though the majority of spam emails are advertisements, some spam emails can be dangerous.
What is social engineering?
Social engineering is the act of tricking someone into divulging information or taking action, usually through technology. The idea behind social engineering is to take advantage of a potential victim’s natural tendencies and emotional reactions.
Examples of social engineering:
- Phishing emails – Phishing is a well-known way to grab information from an unwitting victim. Phishing is a cybercrime in which a person(s) are contacted by email by someone posing as a legitimate institution to lure individuals into providing sensitive information such as personally identifiable information, banking and credit card details, and passwords.
- Spear phishing emails - Spear phishing is the act of sending emails to specific and well-researched targets while pretending to be a trusted sender. In the emails, specific details are used by cybercriminals from previous cyber breaches to make the email, phone call or cellphone instant messaging scams more believable and realistic. The aim is to either infect devices with malware or convince victims to hand over information or money.
- Phone scams – This is also known as vishing. Vishing is the voice version of phishing. “V” stands for voice, but otherwise, the scam attempt is the same. The criminal uses the phone to trick a victim into handing over valuable information.
- Cellphone Instant Messaging scams – This type of attack is known as Smishing. Just like phishing, smishing uses cell phone text messages to lure individuals in. Often the text will contain an URL or phone number. The phone number often has an automated voice response system. And again, just like phishing, the smishing message usually asks for your immediate attention.
How do these apply to you?
In the event your confidential information is retrieved or accessed by cyber criminals, there is the possibility that your information will be used. Personally Identifiable Information (PII) or Personal Health Information (PHI) can be sold on the dark web to other cyber criminals for use in identity theft or conning individuals out of money. Cyber criminals typically do this via social engineering, such as phishing, spear phishing or phone calls pretending to be a reputable source.
How do you protect yourself against these types of attacks?
- Delete e-mails from unknown senders
- Only open expected attachments from people you know
- Look at the email address to see if it is one you would expect to see from that person or company.
- Legitimate email = (employee name)@childrensdayton.org
- Phishing email = (employee name)@chlidrensdayton.org **Notice the i and the l are switched around, but looks like a legitimate address
- If there is a web link in the email, you can hover your mouse pointer over the link and reveal the real web address the link takes you to.
- If the web link claims to be going to Microsoft.com, however when you hover your mouse pointer over the link and shows it’s going to Google.com, those two do not match and the email should be deleted.
- Do not click links from commercial e-mails even if you trust the company; phishers can mask malicious content to look convincing from trusted sources - even the IRS!
- Do not give out your name, SSN, telephone number, street address, birth date, credit card numbers, driver's license number, or vehicle registration plate number via e-mail
- Keep your antivirus software and operating system current to fix and prevent vulnerabilities that spam or attachments could exploit
- Regularly check your credit report and bank accounts for anomalies. If any are identified, report them to the appropriate authorities.
Think you've been hacked?
If you believe you have provided any confidential information about yourself or your organization, report it to the appropriate people within the organization, including your cybersecurity team. They can be monitor for any suspicious or unusual activity.
If you believe your financial accounts may be compromised, contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplainable charges to your account.
Contact the Federal Trade Commission's ID Theft Clearinghouse.
Report the problem to law enforcement agencies through NCL's Fraud Center, www.fraud.org