Week 4: Social Engineering
Week 4 Heading link
For as long as people have had “stuff,” there have been other people trying to trick them out of that “stuff.”
These days, the “stuff” some people want to trick you out of is your sensitive information. To do that they use social engineering.
Social engineering can take many forms:
- Someone pretending to be the CEO and insisting you wire money to a bank account.
- Someone pretending to be technical support and asking you for your password to “fix” your computer.
- An email sending you to a web page to “verify” your credentials.
- A USB thumb drive “lost” by an attacker at the entry of your workplace, hoping you will plug it into your work or home computer.
- “Get rich quick” scams, like helping that poor foreign prince transfer his millions of dollars.
A couple of other scams to watch out for:
Advance-fee scams are confidence scams designed to defraud people out of money. In the typical advance-fee scam, someone needs help to gain access to their locked funds. The bad actor usually sends a check to the victim asking them to deposit the check into their account. As payment for doing this, they get to keep a portion of the amount but are asked to send the bad actor a check from their account for the remainder. The problem is that the original check is fake, and usually by the time your bank realizes it’s fake, the bad actors have cashed your real check and taken off with your money. Remember to never accept money from, or send money to strangers on the internet. If a scheme to make money seems too good to be true, it probably is.
A newer type of social engineering scam is the technical support scam. This scam appears through email, browser pop-ups, and even phone call to your home or mobile phone. Bad actors contact the victim and claim that their device is infected with a virus. Sometimes they even claim to be Microsoft. Many times the bad actor provides instructions on how to “prove” the virus is on the device by having them look for and find a file that should be there although the bad actor claims it should not. After gaining the confidence of the victim, the bad actor convinces the victim that they can fix the problem for them, but they require payment via credit card and access to the machine. After the victim essentially pays the attacker to hack their machine, the consequences are endless. Typically, the attacker installs software that helps them retain access to the machine and steal the victim’s data on a regular basis.
The bottom-line here is to never trust unsolicited services. If you suspect your device is in need of technical support, ACCC offers free hands-on support to UIC students, faculty and staff at one of our C-Stop locations. And if you find yourself in the middle of what appears to be a tech support scam, don’t panic. If you’ve already provided access to your device, turn it off. If you’ve already provided your credit card information, call your credit card company to report the incident. You should also consider reporting the incident to your local authorities and the FTC. You’ll also want someone you trust to investigate your device to ensure the bad actors no longer have access to it, and ensure any damage they may have caused is remediated. Again, ACCC’s C-Stop is a great resource to get you started.