Avoid Phishing Scams (Suspicious Emails and Phone Calls)
The easiest way to gain access to sensitive data is to ask for it. Phishing scams are a constant threat and you should pay attention. Social engineering is the skill of using tricks to convince someone to do something for you, such as giving you their credentials.
Look out for any phishing email that asks you to click a link. These can come in many forms, like an online store order confirmation. This is particularly effective because many times you haven’t ordered anything, so you panic, click the link, and insert your credentials to log into the store, and that’s where they got you. The login page wasn’t the store’s; it was on the attacker’s server, and the attacker now has your credentials. The same thing happens with banks. Never trust a link in an email. Type in the URL for the site that you know and check it that way.
Phishing attacks also come in phone calls. High-pressure tactics are used to trip up the victim and get them to disclose sensitive information. One example is the recent IRS scam, which told victims that if they didn’t verify their Social Security number, the local police were on the way to arrest them for tax fraud. It sounds silly, but in the moment, it only takes the slightest hesitation combined with fear tactics to convince a victim to do something they wouldn’t normally do.
Never give out personal information over the phone, even if you think you know the person or business. Call them directly from a phone number you know or look up yourself. Don’t trust the caller to give you the correct number. Ask for their name and tell them you will return the call.
Before you do anything, pause a moment and think about the request. Doing so can prevent you from being a victim of a phishing attack.
Security Awareness Training
Find out more about Security Awareness Training from Shades of Gray Security.
Trust Me I'm Lying: Banks Pay Me to Rob Them
Our Principal Consultant’s first book, Trust Me I’m Lying: Banks Pay Me to Rob Them, covers many tales of his adventures in the world of conducting social engineering testing. Learn how frighteningly easy it is to trick people into letting you into sensitive areas.