We spend much of our days connected through the web – we work online, we pay our bills and bank online, we even socialize online. For some of us, our entire lives are on the web. While the internet has provided us a great deal of convenience, it has also opened the door for cybercrime.
Fraudsters are always searching for new and innovative ways to conduct their criminal activity – cybercriminals are no different. Learning about the different types of cybercrimes is one way you can help protect yourself.
Social engineering
Social engineering uses psychological manipulation to trick users into trusting contacts, making security mistakes, or even giving away sensitive information. One way cybercriminals use social engineering is through “spear phishing.” Spear phishing is a malicious email that impersonates an individual for the purpose of tricking a recipient (you!) into completing a desired action – typically financial in nature. Attackers will often impersonate a victim’s acquaintances, such as family, friends, and work colleagues.
Remember, no matter what kind of social engineering techniques cybercriminals use, their primary goal is to remotely compromise and take full control over your system. Through remote compromise, attackers identify system security vulnerabilities and leverage vulnerabilities to take full control over someone’s whole system.
Smishing
Smishing (a.k.a SMS Phishing) is a form of phishing delivered over mobile text messaging. With smishing, the attacker tries to trick targeted recipients into clicking a link to send sensitive information, make a payment, or download malware to a smartphone.
Most smishing attacks work like email phishing by sending out fraudulent messages to end users. Below are some of the usual ways an attacker will tricks his/her victims:
- Trust - SMS texts are used as a more personal communication channel, which lowers a person’s defenses against threats.
- Context - Building a personalized text message to override any suspicion that it might be suspicious or malicious.
- Emotion - Sending a sense of urgency, something embarrassing, or using fear to override the intended targets critical thinking.
Impersonation
Impersonation fraud is a scheme that involves an imposter who imitates a legitimate person or business, often for financial gain. Cybercriminals will often research the targeted victim by using various information sources (e.g. social media). They will also often spoof a legitimate company’s website, by creating a site “lookalike.” Next, they will initiate contact and attempt to defraud the target. If the target responds, the cybercriminal will attempt to complete their fraudulent scheme (e.g. have the victim transfer money).
Tips on how you can protect yourself from cybercriminals
We have put together some tips on how you can prevent becoming a cybercriminal’s victim:
- Scrutinize emails carefully – some phishing red flags include:
- Mismatched “from” address and display name
- “Reply-to” header doesn’t match source name
- Email looks different from previous emails (e.g. font size, signature anomalies, etc.)
- Create strong passwords – passwords that use a combination of letters, numbers, and symbols are tricky and difficult to guess.
- Try not to use the same password for multiple accounts
- Do some research – validate the sender’s details as much as possible
- Review emails carefully – ask yourself questions – were you expecting this email? Does the context of the email make sense?
- Message tone – fraudsters often use emotion and urgency to make the victim feel compelled to act quickly.
While cybercrime can be scary, using tips, like these ones, can help protect you from becoming an attacker’s next victim.
Learn more about fraud and how to protect yourself on our Fraud Hub!