4.9.12

Who Do You Trust? Social Engineering


"Social engineering" is a broad term used to describe many types of confidence fraud on the Internet. There are many social engineering techniques, including phishing and impersonating a person or website. Learning about social engineering will help you stay alert for threats to your security.

Phishing is the use of email, instant messaging or other electronic communications in an attempt to trick you into divulging information the scammer can use to further their attack. Never divulge a password, PIN, credit card or Social Security number in an email. Your bank will never ask you to. Most reputable companies follow the best practice for recovering a forgotten password: they will provide you with a link to a page on their site that will allow you to reset your password. You should make sure the link connects you to their website by verifying the URL and the website's security certificate.
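What "verifying the URL" means in practice, as an added example that is not part of the original article: the check below reads the host a link actually leads to and compares it with the domain you expect. The function name check_link and the domains mybank.example and evil.test are assumptions made up for illustration, and the certificate half of the check is still left to the browser.

```python
from urllib.parse import urlsplit


def check_link(url, expected_domain):
    """Return (ok, reason): does url really lead to expected_domain over HTTPS?"""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not an https link"
    # Anything before '@' is a login name, not the site: https://bank@other/
    if parts.username is not None or parts.password is not None:
        return False, "text before '@' hides the real host"
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return False, "no host in link"
    # Look-alike letters show up as non-ASCII or 'xn--' (punycode) labels.
    # Assumption: the expected domain itself is plain ASCII.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return False, "internationalized host, check for look-alike letters"
    expected = expected_domain.lower().rstrip(".")
    # The expected domain must be the END of the host, on a label boundary.
    if host == expected or host.endswith("." + expected):
        return True, "host matches expected domain"
    return False, "host is " + host


# Constructed sample links; mybank.example and evil.test are placeholders.
SAMPLES = [
    "https://www.mybank.example/reset?token=abc",
    "http://www.mybank.example/reset",
    "https://www.mybank.example.evil.test/reset",
    "https://mybank.example@evil.test/reset",
    "https://xn--mybank-constructed.example/reset",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(check_link(link, "mybank.example"), link)
```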

Another con involves calling people at work, claiming to be from IT support or the company's help desk, and asking for their password. Don't give anyone your password over the phone. If they are really from your company's IT staff, they don't need it, or they can reset it themselves. Some IT departments will call and ask employees for their passwords just to see how many employees fall for this common social engineering con, as part of a security audit, or so that they can determine if they need to do additional security training.

Websites can be impersonated too. A web page can easily be made to look like your bank's login page. My previous article about website security certificates explains how to verify a site's authenticity and why encryption and certificates are important for transmitting credit card and other sensitive information.

We are all busy nowadays, but it is important to pay attention to what we are doing and not let our impatience rush us into bad decisions. I don't know how many times I wish that I would have slowed down a little before I hit "send" or "submit!" Take time to investigate the company, person, webpage, email address or link you are being asked to trust.

Finally, use common sense and continue to stay informed about the risks and best practices for protecting yourself on the Internet. As new security technology and safety measures are being developed, so are new viruses, cons and other threats. One good source of information is your antivirus software company's website. If you would like to dive a little deeper, there are many blogs dedicated to the subject of security.

For more about Tom Ledford:
Tom Ledford, Owner South Side Tech
http://www.southsidetech.com/
3849 Wyndsong Trl
Lexington, KY 40514
859-577-2403
Blog: The Practical Computer - http://praccomp.southsidetech.com/
Twitter: @tcledford

