This is the 1st part of a 3 part series in protecting yourself from on-line and of-line scams.
With the 2020 COVID-19 crisis causing many to work from home, it’s more important than ever to have a set of tools to deal with threats that come your way.
In this publication, I will help you identify threats so that you can avoid being deceived by malicious calls to action. If your device has been compromised by a scam, its important to learn how to deal with an attack after the fact.
- The best security is awareness
- The psychology behind decision making
- Avoiding Scams
- Protecting yourself after the Scam
- Protect your on-line accounts
- Conclusion
- Updates: Spying on the Scammers Video
- Terms
The best security is awareness
Many security measures can help protect your device, but when you become the target, awareness, and education is your best defense. In the last five or ten years, as computer security keeps getting better, many attackers have moved from computer infiltration to targeting you through what’s called a “Social Engineering Attack”. A term used to encompass a broad range of malicious activities to extort money from you.
Social engineering attacks happen in one or more steps:
- An attacker does background research on a set of victims in a specific demographic. The goal is to target the most vulnerable people of society, like the elderly.
- Vulnerabilities are discovered.
- Armed with the necessary information from step one and two, the attacker uses psychological manipulation in the form of a pointed written message, or phone conversation, to trick you into giving away sensitive information.
Attackers will likely attempt to trick you with a message that conveys an illusion of authority1, and a sense of urgency. As an example, you may get a pop-up on your screen that your computer has been compromised, asking you to urgently call a number. You might get an email stating that you are required by law to make contact with a government representative because the IRS didn’t receive your tax return, or you might even get a call from the attacker, without any action on your part, claiming to be working for Microsoft and that your computer is unprotected.
With any unfamiliar situation, remember to take a deep breath and relax. 99% of communications that attempt to compel you to act with the above tactics are false. These kinds of attacks are most successful when you are in a state of panic. Legitimate business dealings happen on their own with no outside coercion. If at any time you feel forced to perform an action, step back, regroup, and gather information from outside sources. In these circumstances, you never, ever, have to take an immediate action. You always have recourse, but it takes time and patience to find alternatives.
The most likely indicators of a social engineering attack include:
- Urgency: A communication that expresses a tremendous sense of urgency, often through fear, intimidation, a crisis, or an important deadline. Attackers can be good at creating convincing messages that appear to come from an authority, or even someone you know.
- Pressure: A message that creates a sense of “No Option”. The language indicates that you must act right away, and many interactions will even attempt to get you to bypass or ignore security measures designed to protect you, such as giving out your password to your online bank account.
- Illusion of Authority: A author or caller who uses an authoritative tone of voice or a written strong-worded message. This kind of interaction can be framed in many ways, but it works best when an attacker impersonates an agent from a government establishment or a reputable company. The attacker will attempt to use language that sounds authoritative to gain a position of superiority over you. The ultimate goal is to get you to perform an action that, on the surface, appears to benefit you.
The psychology behind decision making
It’s good to learn a bit about your decision-making process. Recognize your particular temperament when it comes to obstacles and challenges. Ask yourself these questions:
- How do you hold up under pressure?
- Do you need to avoid circumstances that lead you to make snap decisions?
- Can you practice breathing, and walking away?
Contemplate on these questions and make a reminder or a mental note for any future dealings with aggressive queries.
Conclusion
My goal in the first part of this publication is to attempt to make you aware of some of the common ways in which a scammer operates. When dealing with solicited requests for information, don’t be afraid to err on the side of caution. It’s better to be safe, then sorry. In part 2 I will discuss techquies of avoiding being a victim of a Scam.
If you have any questions about this publication, or you would like help with your computer’s security, contact me. I can assess your protection, and offer suggestions to improve your online safeguards.