The hits just keep coming, don't they? There always seems to be some new sort of cyber attack that threatens the security of our office and home computers. The latest scam you need to worry about is Pretexting, which is a form of social engineering tactic that involves criminals creating a fake identity or situation to gain your trust and get access to your sensitive information or access to your systems. These attacks can be carried out in person, over the phone, or online and the focus of the correspondence is usually tailored to the victim's specific interests or needs. Here's what you need to know.
For several years, cyber crooks have used social engineering for online attacks rather than trying to break their way into your computers and devices. Social engineering covers a broad range of malicious activities such as phishing, baiting, smishing, emergency scams, and vishing. Criminals have figured out for the most part we are inclined to trust strangers, especially if they establish themselves as a trusted resource or partner. Social engineering attacks affect everyone. From your grandmother to people working for multi-million dollar companies. The bonus for criminals, it's cheaper for them to create scams that are designed to trick you out of your money or information.
So What is Pretexting? Pretexting is a form of a social engineering attack where the crook creates a scenario or a story to charm you or shock you into disclosing sensitive and valuable information such as your bank details, social security number, and other sensitive information that enables the perpetrator to gain access to systems and services that you are subscribed to.
How Does Pretexting Work? Before they call you, the attacker will have carried out extensive research on you. They will often use the Internet and leaked personal data from previous data breaches to establish their authenticity. The data they collect also helps them create a credible story that leaves little room for you to doubt them and helps to establish trust and build rapport with you. The attacker will provide you with aspects of your personal information such as your job title, home address, job location, phone number, work history, and credit card information. The attacker typically creates a sense of criticality by pretending to need your confidential information to perform a crucial task. Since they already have some of your personal information, they will claim to need more of your personal information to confirm their identity. Pretexting can take place in the form of a phone call or an email.
How Can You Spot a Pretexting Attack? Criminals who want to pretext you go to great lengths to develop a story that will deceive you. This makes these attacks more difficult to detect. However, there are red flags that can help you identify these scams before you become the victim of a larger attack.
Unusual Requests: You may receive a text, email, or phone message that follows normal communication routes and conversation styles. Yet, the red flag goes up when the request is out of the ordinary. Any request that requires sensitive information, the transfer of funds, or unusual downloads should be considered suspicious.
Spoofed Websites and Emails: If an attacker doesn't have access to a legitimate website, they'll be forced to send communications from an unknown email. To remain discreet, they're likely to use a similar email or URL domain. In these instances, the sender's email or a linked URL may include easy-to-miss spelling errors.
Urgent Language: While a pretext will go to great lengths to convincingly impersonate a trusted source, they are likely to work to complete the attack as quickly as possible. To accomplish this, the request is likely to include a time frame or language like ASAP, "immediately", or "right away". The message may also include reasons why a delay is catastrophic.
False Familiarity: A pretexting attack may open with casual communications like "Are you free right now?", "I need your help", or "Can you do me a favor?". The correspondence is likely to include your name or the names of people you know to create familiarity. Only after establishing trust, the attacker will reveal the request for money or sensitive information.
How to Verify a Potentially Dangerous Request
Pretexting attacks include extensive research that allows the attacker to masquerade as a trusted source. These tips can help you successfully verify a request instead of engaging in more communication with an attacker.
Check an email or text for pretexting red flags mentioned above.
Avoid responding to the request or taking actions like clicking links or downloading attachments.
Contact the sender through an alternate communication method for verification. Instead of responding to the request, make contact with the legitimate source and explain the situation. Ask for verification of the original request before taking further action.
How to Avoid Pretexting. It's almost impossible to avoid becoming the target of a cyberattack. However, there are steps you can take to keep your information secure and be a less willing target. Limiting the amount of information hackers are able to obtain and taking certain precautions can help you avoid the damages caused by pretexting scams. Take these steps to protect your personal information and financial assets from the investigative techniques of attackers.
Visit www.haveibeenpwnd.com to see if your information such as your phone number and email addresses are out on the dark web. Criminals get your information from data breaches that occur without your knowledge.
Stop sharing your mobile number and email with everyone. The best practive is to only share your mobile number with close family and friends and create a private email for those close to you and one that you share with the public.
Create office policies surrounding the limits of information employees can share on social media about their organizational roles.
Avoid sharing personal and financial information online.
Educate yourself and your co-workers about the techniques used in social engineering attacks.
Examine the email or text for red flags (like urgent language, spoofed websites, and suspicious requests) indicating an attack.
Don't click on links in an unverified email or text or download attachments.
Report all cyberattack attempts to the proper officials like local authorities and the Federal Trade Commission (FTC).
Hopefully, this post has given you the information you need to stay safe from the dangers of Pretext scams. If you think you're being targeted, don't hesitate to reach out. If you need further assistance, please reach out to me with any questions you might have. I am always happy to help!
Looking for More Useful Tips Tips?
My Tuesday Tech Tips Blog is released every Tuesday. If you like video tips, I LIVE STREAM new episodes of 'Computer and Tech Tips for Non-Tech People' every Wednesday at 1:00 pm CST on Facebook, Instagram, LinkedIn, and Twitter. Technology product reviews are posted every Thursday. You can view previous episodes on my YouTube channel.
Sign Up for My Tech Tips Newsletter! Click this link to sign-up and subscribe and you will receive every tip directly in your inbox each week.
Want to ask me a tech question? Send it to burton@burtonkelso.com. I love technology. I've read all of the manuals and I'm serious about making technology fun and easy to use for everyone.
Need computer repair service near you? My company Integral offers the highest quality computer repair service nationwide. If you need on-site or remote tech support for your Windows\Macintosh, computers, laptops, Android/Apple smartphone, tablets, printers, routers, smart home devices, and anything that connects to the Internet, please feel free to contact my team. Our team of friendly tech experts organization can help you with any IT needs you might have. Reach out to us a www.callintegralnow.com or phone at 888.256.0829.
Please share this with your friends and family! If you found this post useful, would you mind helping me out by sharing it? Just click one of the handy social media sharing buttons below.
The above content is provided for information purposes only. All information included therein is subject to change without notice. I am not responsible for any direct or indirect damages, arising from or related to the use of or reliance on the above content.
#techtips #technology #tech #technews #techreview #techgadgets #techtricks #techtalks #techyoutuber #instatech #technologynews #techsupport #covid #smartphone #tablet #computertips #computernews #computerreview #computersupport #apple #microsoft #samsung #hp #dell