My father was an engineer his entire career before he retired a few years ago. He’d probably argue that he still is, and he’d be right. Like many of you who have found your calling in life, your career is much more than just a job—it’s pervasive in almost everything you do. Some of my earliest memories as a child are of working with my dad in his workshop on various projects, with him always telling me to “measure twice, cut once.” Even to this day, he still has several going on at once. Engineering is one of the things he was put on this earth to do and do well to the betterment of those around him.
As we continue crafting a deeper understanding of our digital world during Cybersecurity Awareness Month, I want to focus on a different type of engineer, one that doesn’t have the best interest of their community at heart: the social engineer.
What is Social Engineering?
You might be familiar with what a mechanical, civil or electrical engineer does, so what is a social engineer and what do they do? Social engineering in the context of cybersecurity is the art of manipulating, influencing, or deceiving you to gain control over a computer system or information the hacker should not have access to.
What do you think of when you think of a hacker? Do you think of a montage of graphical interfaces with intense music and fast-paced typing and someone breaking into hardened systems in minutes? I hate to burst that fantasy, but reality is far from what you see in the movies. What occurs in real life is a lot less flashy.
Many attacks begin with a focus more on the human element than on the system itself, hence social engineering. This could start with a malicious actor gleaning information from your social media accounts and online fingerprint, and then expanding from there. They may use that information in a number of different attack methods, from ones you may not have heard of, like baiting or pretexting, to one we are all familiar with: phishing.
What is Phishing?
Have you ever received an email from a nice Nigerian prince who was having trouble getting his $15-$20 million out of the country and needed YOUR assistance? What luck! We all know that to be one of the most well-known and longest-running phishing scams. Phishing social engineering attacks have grown in number and complexity since the early days of our friend the Nigerian prince.
Whether it is spear phishing, vishing (voice phishing), smishing (SMS phishing), or your run-of-the-mill email phishing, the goal is essentially the same for each. Social engineers want to get you to divulge sensitive information, click a link, open a malware-laden document, or surreptitiously get your login credentials. So, how do you know if you are being phished or not? Let’s take a look at a few things you can do to decipher phishing attacks.
How to Spot a Phishing Email
- Unexpected Message
  - We get a lot of emails each day both professionally and personally, a lot we expect to get and many we don’t. Most phishing emails that arrive in your inbox are of the unexpected variety. Be wary of them, even if it appears to come from someone you know.
  - Validate the email is from who it says it is. And look carefully! Names and email addresses can be changed to look similar to the real deal.
- Strange Request
  - Are you being asked to do something you normally wouldn’t or is the request contrary to how you would normally be asked? Are you being asked to send a payment, sensitive information, or open and execute something inside a document?
  - If you have passed step #1 and validated who the email is from, take a step and validate out of band (not by replying to the email) that the unusual request is legitimate before acting.
- Sense of Urgency for Action
  - Slow down. It’s email after all. Contrary to what many people might think, email is NOT a medium to be used for urgent action.
  - Many phishing scams try to create a sense of urgency so you react quickly and miss something instead of thinking and validating the legitimacy of the communication and request.
- Unusual Attachment or Link
  - Ultimately, hackers are trying to get you to execute malicious code or provide sensitive information like your social security number or login credentials through phishing scams. Most of the time this is done through attachments or links in the email. As my father might say, “look twice, click once.”
  - Carefully review any link before clicking on it and ensure it is taking you where you know it should. Hackers are proficient at creating hyperlinks that are very, very close to the real website they are posing to take you to.
  - Be cautious before opening any attachment. Did you expect an attachment? Is it the right file type for what you expected? Is Microsoft Office set to open documents in Protected View?
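For readers who triage reported messages, two of the checks above (a sender address that only resembles the real one, and a link whose destination differs from what it displays) can be automated. The following is an added example, not part of the original article; the trusted domain, the sample message, and the 0.85 similarity threshold are assumptions chosen for illustration.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"example-bank.com"}  # assumption: placeholder for sites you really use
SAMPLE_FROM = "Example Bank <alerts@examp1e-bank.com>"  # constructed sample
SAMPLE_BODY = '<a href="https://examp1e-bank.com/login">www.example-bank.com</a>'

def host_of(value):  # hostname of a URL or bare host, minus "www."; "" if unparsable
    try:
        url = value if "//" in value else "//" + value
        return (urlsplit(url).hostname or "").removeprefix("www.")
    except ValueError:
        return ""

def lookalike(domain):
    """Return the trusted domain that `domain` closely imitates, else None."""
    if any(domain == g or domain.endswith("." + g) for g in TRUSTED):
        return None  # the real site or one of its subdomains
    return next((g for g in TRUSTED
                 if SequenceMatcher(None, domain, g).ratio() >= 0.85), None)

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def review(from_header, html_body):
    """Return findings for the sender address and every link in the body."""
    sender = parseaddr(from_header)[1].rpartition("@")[2].lower()
    findings = [f"sender {sender} resembles {hit}"] if (hit := lookalike(sender)) else []
    parser = LinkCollector()
    parser.feed(html_body)
    for href, text in parser.links:
        host, shown = host_of(href), host_of(text)
        if hit := lookalike(host):
            findings.append(f"link host {host} resembles {hit}")
        if "." in shown and " " not in shown and shown != host:
            findings.append(f"text shows {shown} but link goes to {host}")
    return findings
```

Calling `review(SAMPLE_FROM, SAMPLE_BODY)` reports all three problems in the constructed message; a message sent from and linking to the trusted domain returns an empty list.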
I hope many of these tips are a review for most of you and that you already practice these in your personal and professional life. In our next and last Cybersecurity Awareness Month article we’ll be talking about data sensitivity and sharing of information as we “See Ourselves in Cyber.”
About Sharonview Federal Credit Union
Sharonview Federal Credit Union, voted in 2018 the No. 1 credit union in South Carolina by Forbes, is headquartered in Fort Mill, South Carolina, and has been serving its members since 1955. Today, Sharonview serves over 100,000 members nationwide, has assets totaling more than $1.7 billion and operates 19 branches in North Carolina, South Carolina and New Jersey. It is also ranked as one of the top 200 credit unions in the country, proving its dedication to providing its members with a full array of value-added financial services, all of which are backed by the United States government and federally insured by the National Credit Union Administration. Sharonview currently stands above the crowd in delivering the personal touch, providing loans with fewer restrictions, flexible terms and lower rates. For over 60 years, Sharonview has promised exceptional value and delivered financial services members can trust. With us, it’s personal.