Social engineering attacks were common before COVID-19, but are now spreading like wildfire as scammers play on people's emotions and uncertain financial situations. It is more important than ever to be ON ALERT for suspicious emails and websites.
Technology alone cannot fully protect you -- YOU are the best defence against attacks. Today, CyberCat tells you what social engineering is, how to identify it and what to do when you encounter it.
Social engineering is the use of deception to manipulate someone into giving personal or confidential information. It's when a bad guy tries to fool or trick you into doing something you shouldn't do. This can be done over email or text, through websites, even over the phone or in person. Watch a video.
Phishing is a type of social engineering attack. It's any message that is deliberately faked in an attempt to obtain personal or sensitive data, like credit card numbers or passwords, or to infect your computer with malware and viruses. Here's a quick video.
What to watch for
Does it make you feel panicked or scared?
Attackers create a sense of urgency, often through fear, intimidation, crisis, or a looming deadline. COVID-19 checks a lot of those boxes. Look out for:
The CRA threatening you about benefits or taxes.
Credit card or utility companies telling you about limited time offers or threatening to cut off service.
Health Services reporting that you've tested positive for COVID-19 and will send the results once you provide your credit card information.
Does it seem "off"?
Just because the email appears to be from someone you know doesn't mean that they actually sent it. Email addresses can be spoofed, so don't trust a message if something doesn't seem right.
Maybe there is something weird about the way it's written, it's not related to your specific role, or even the time it was sent is odd. All these are common red flags of a phishing email.
Is it too good to be true?
The Nigerian Prince may be in self-isolation, but now COVID-19 scams are the ones promising quick payouts: just click on this link to collect your $263.10. Other scams impersonate reputable relief organizations with special offers on donations or giving out free masks -- again, just as simple as clicking the link. CyberCat's rule is: if it's too good to be true, delete it.
What to do
DON'T CLICK THE LINK!
If you are not 100% certain that the email you received is legitimate, do not click any links! This is especially true of links on your mobile device.
We are often rushed and it's in those moments that we are our worst enemies, as one click can change everything. Read slowly and hover over links. Think before you click.
Banks, credit companies, the CRA, etc. aren't going to ask for personal information via email. Go to those sites directly to log in to your account or check for updates.
Don't open or download files from your email if it's unexpected. If it's not something you asked for or were looking for, don't download it.
Get a pop-up or email saying your computer is infected and you need to call "tech support"? Don't call it. Disconnect your computer and call real tech support. If it's a phone call, hang up.
It can be difficult to determine if something is phishing, so the important thing to remember is that if anything feels off, ask someone. A friend, a colleague, your boss, or even the person who supposedly sent the email (not by replying to the email, however). There is nothing to be embarrassed about. It's better to be safe than sorry. If you're alone and unsure, Google the text of the suspicious email. When in doubt, just delete it (or hang up the phone).
The Canadian Anti-Fraud Centre has a listing of the current COVID-19 frauds and allows you to report scams too. The more you know what's happening out there, the better you can protect yourself.
CyberCat's Favourite Sites
We've just scratched the surface. Here are some places you can learn more. You can trust CyberCat -- these links are safe to click.
Get Cyber Safe is the Government of Canada's national public awareness campaign to educate Canadians about Internet security. Great info for you to read and share with your patrons.
Get Safe Online is the UK equivalent of Get Cyber Safe. An incredible amount of information split into personal and business audiences.
Phishing Quiz is a Google test to see if you can spot when you're being phished.
Cybersecurity at Work is a Lynda.com course that CyberCat highly recommends. Watch the whole thing or just the social engineering sections. It's very well done.
CyberCat is your guide through the world of cybersecurity. She knows it can be intimidating out there, so that's why it's her mission to educate you about using technology responsibly. She brings you semi-regular information so you can be proactive about protecting yourself.