Circles of Trust - Social Engineering


“Social engineering” is a broad term used to describe many types of confidence fraud on the Internet. There are many social engineering techniques, including phishing and impersonating persons or websites. Learning about social engineering will help you stay alert for threats to your security.

Phishing is using email, instant messaging or other electronic communications in an attempt to trick you into divulging information the scammer can use to further their attack. Never divulge a password, PIN, credit card or Social Security number in an email. Your bank will never ask you to. Most reputable companies follow the best practice for recovering a forgotten password. They will provide you a link to a page on their site that will allow you to reset your password. You should make sure the link connects you to their website by verifying the URL and the website’s security certificate.

Another con involves calling people at work and claiming to be from IT support or their company’s help desk, then asking for their password. Don’t give anyone your password over the phone. If they are really from your company’s IT staff, they don’t need it, or they can reset it themselves. Some IT departments will call and ask employees for their passwords just to see how many employees fall for this common social engineering con, either as part of a security audit or to determine whether they need to do additional security training.

Websites can be impersonated too. A web page can easily be made to look like your bank’s login page. My previous article about website security certificates explains how to verify a site’s authenticity and why encryption and certificates are important for transmitting credit card and other sensitive information.
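The advice above about verifying a reset link's URL, and about impersonated login pages, can be written down as a short check. This is an added example, not code from the original article; `example-bank.test` and `evil.test` are constructed placeholder names, and the function name is hypothetical.

```python
from urllib.parse import urlsplit


def link_matches_site(url, expected_domain):
    """Return (ok, reason): does url really lead to expected_domain over HTTPS?"""
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        return False, "not an https link"
    # Anything before '@' is login data, not the site name.
    if parts.username is not None or parts.password is not None:
        return False, "name before '@' is not the site"
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return False, "no host name in link"
    # Non-ASCII or punycode (xn--) labels can imitate ordinary letters.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return False, "internationalized host, possible lookalike"
    expected = expected_domain.lower().rstrip(".")
    # Exact match or a true subdomain; the leading dot stops 'notexample-bank.test'.
    if host == expected or host.endswith("." + expected):
        return True, "host belongs to " + expected
    return False, "host %s is outside %s" % (host, expected)


# Constructed sample links; example-bank.test and evil.test are placeholders.
SAMPLES = [
    "https://login.example-bank.test/reset?token=abc",
    "http://example-bank.test/reset",
    "https://example-bank.test@evil.test/reset",
    "https://example-bank.test.evil.test/reset",
    "https://notexample-bank.test/reset",
    "https://xn--exmple-bank-abc.test/reset",
]


def check_samples(expected_domain="example-bank.test"):
    """Run every sample through the check and return the list of verdicts."""
    return [link_matches_site(u, expected_domain)[0] for u in SAMPLES]


if __name__ == "__main__":
    for link in SAMPLES:
        ok, why = link_matches_site(link, "example-bank.test")
        print("%-5s %-50s %s" % ("OK" if ok else "STOP", link, why))
```

A link that passes this check still needs the certificate check in the browser; the code looks only at the address.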

We are all busy nowadays, but it is important to pay attention to what we are doing and not let our impatience rush us into bad decisions. I don’t know how many times I have wished that I had slowed down a little before I hit “send” or “submit!” Take time to investigate the company, person, webpage, email address or link you are being asked to trust.

Finally, use common sense and continue to stay informed about the risks and best practices for protecting yourself on the Internet. As new security technology and safety measures are being developed, so are new viruses, cons and other threats. One good source of information is your antivirus software company’s website. If you would like to dive a little deeper, there are many blogs dedicated to the subject of security. Veracode Blog’s list of 20 top security blogs is a good place to start. I am also beginning a new section of The Practical Computer, dedicated to security, but written more for (you guessed it!) the average everyday computer user. Look for it within the next week or so.





~#~




For more on Internet Security:

From The USA Educational Foundation: Internet Safety For Adults

From Family Online Safety Institute: Top Internet Safety Tips for Parents (PDF)

From US-CERT: Advice about common security issues for non-technical computer users