Authored by a Symantec employee

 

Nobody likes being manipulated—and that’s exactly what happens to people when they fall victim to social engineering scams online. In addition to using more sophisticated malware, ransomware, and viruses, online criminals have become increasingly aware of the power psychology plays in weaving believable online fiction. By ‘engineering’ a believable scenario, criminals are able to manipulate users into behavior they would otherwise recognize as risky. There’s a dark art to this skill, and it’s one that can cause you and your online network a great deal of distress should you become compromised.

Social media has made it easier for criminals to collect the pieces they need to weave a story or fictional ruse. The common user rarely pays attention to the kinds of personal data they share on social media—from whom they regularly socialize with and where they like to vacation, to specific job information and educational background. However, all these things can paint an incredibly accurate portrait of a user and make them an easy target of a social engineering scam.

Individual Vs. Company Threats

Businesses in particular have a difficult job balancing company security and employee freedom on social media. While some businesses may have strict policies about what can and can’t be shared on social networking sites like Facebook or Twitter, others don’t have any policies at all.

The problem is that, combined with social media, social engineering scams become increasingly difficult to spot because they’re coming from seemingly trusted sources: friends, professional references, and even family. If you think you can spot the social engineering scam on social media, you might want to think again.

Things to Avoid

Generally speaking, social engineering is all about the plot leading up to the installation of malware, computer viruses, Trojan horses, and the like. Once a criminal gets a user to activate the bug, the story ceases to be relevant. Understanding the types of behavior criminals will generally request from users will help you determine whether you can trust inquiries from seemingly trusted sources.

Avoid clicking on suspicious links from emails, online chat rooms, or instant messages. If the URL doesn’t look familiar, or if it’s sent to you from a friend as a shortlink (like a Bitly URL), double-check with your source to make sure it’s safe to click on. Clicking on a bad link is like opening Pandora’s box—once it happens, you can’t be sure what you’re going to get. Avoid this type of behavior, even if the message appears to be from someone you know and trust.

Similarly, you should avoid sending money to fundraisers or charities that your friends or family forward to you in emails unless you double-check the source. This is a popular scam, especially around the holidays, when people are more likely to feel philanthropic.

Online scammers can also send bogus links from fake organizations through your friends’ contact lists to get to you. These emails might look normal, as they’re coming from personal contacts. Ask yourself, ‘Has this person ever sent me a message like this before?’ If not, avoid making donations unless you can verify the site. Also, if you suspect your friend’s contact list has been compromised, notify him or her right away.

Finally, you should always be aware of the information you make available on social media. There have been several instances in which security breaches were made in large institutions because of a social engineering scam primarily curated through social media. Always be vigilant. The best thing you can do is to stay current on security trends and install trusted online security software from an established brand like Norton Security.



© 2017 Symantec Corporation. All rights reserved.