Trends in social engineering attacks
Social engineering is on the rise, so it’s especially important to be vigilant against these attacks. The following are new trends in the world of social engineering:
- The Internal Revenue Service (“IRS”) scam: The target receives a call, email, or a visit from a fraudster claiming to be from the IRS. The fraudster threatens seizure of assets and arrest by law enforcement if a payment is not made immediately. They may ask for payment via prepaid debit card or for your credit/debit card information.
- The Social Security Administration (“SSA”) scam: The target receives a call from a fraudster claiming to be from the SSA. In fact, even the caller ID appears to be from the SSA. The fraudster indicates your Social Security Number has been suspended and says that they will need you to re-confirm your SSN to him/her. Further, they may offer to reactivate it if you put money on gift cards and share the codes with the fraudster.
- Rachel from credit services/credit card company scam: The target receives a recorded call offering debt consolidation/reduction for a very limited time, saying the target needs to share their credit card information, SSN, and other personally identifiable information with the call center.
- Off-hours text for offering quick cash: The target receives a very short text message offering cash and a link to a website.
- Invoice from Netflix or Amazon (or another large organization): The target receives a communication indicating the account is past due. The fraudster may have an attachment on the email or may re-route the target to a malicious link to gain access to systems or gather log-in information.
- Online loans offer: Fraudulent sites are set up as an online loan company. The initial loan application will also request the target’s online banking credentials. The site will then place a fraudulent deposit into the target’s account and request a portion of the funds back for processing purposes.
The Federal Trade Commission (“FTC”) has created a great infographic (https://www.consumer.ftc.gov/blog/2019/03/phishing-dont-take-bait) that explains how to recognize phishing. Ultimately, best practices to avoid getting entangled in these attempts include questioning:
- Did I expect this communication?
- Do I know the sender? Are they reputable?
- Is the message just an FYI message versus the sender routing me somewhere (e.g. requesting they visit a website or make a phone call) or asking for personal information?
- Is it too good to be true?