The AVG Q2 2012 Threat Report found that social engineering scams remain the biggest threat to consumers. What is Social Engineering? Well, it’s the “art of manipulating people into performing actions or divulging confidential information“.
Phishing is probably the most common type of social engineering scam e.g. fake online banking or social networking login screens, which log your username and password. Another common social engineering scam is telephone calls claiming to be from a company’s tech support department. Often the calls are based on the premise that you have a problem with your computer and you need to pay or download software (that ends up being malware) to have it fixed.
We asked our Facebook Community whether or not they have ever been targeted or fallen victim to a phishing or social engineering scam and the answer was a resounding yes.
Community discussions and sharing of stories/experiences is an important part of staying safe and helps understanding of what type of scams are out there and how to appropriately avoid them. Here are just a few of the stories that were shared:
“A few weeks back, on numerous occasions I got a call from ‘Microsoft’ telling me there was a problem with my computer, so I asked which one. They said it didn’t matter which one it was the ISP that was the problem and just to turn on a PC in the house and they’d go through what I needed to do to clear the problem. After a few days of hanging up on them I decided to tell them the call was being traced as I had reported them for harassment, funnily enough I haven’t heard from them since.” Vikki M
“I work for a rather large technical support help desk based in the UK, the amount of calls we get about our customers being called by these fake tech support companies/agents is just through the roof at the moment.” Daniel T.
“We had a person ring us up in January saying he was telephoning from “Microsoft Tech Experts” and that illegal emails were detected. That if crimes were committed by these people we would be liable as the info was via our computer. We are new to computers both never having one before, and never had computers at school. The caller was very plausible and knew our home/landline number, our address with postcode which he read out and asked us to confirm it. My daughter told me she thought it was a scam so I deleted all of my downloads and changed all passwords etc. I now have an email address for the proper Microsoft people. A lesson for us all.” Sally W
“I got a call saying that my Macbook had a potential threat. Funny how my whole family uses Windows.” Alex K
If you receive a call, email or Skype call, then here are some easy, simple steps to take to ensure that you’re staying safe and protected.
- Know your own activity- If they make claims about your activity that you know to be untrue, proceed with extreme caution.
- Be inquisitive - Ask them direct questions about where they are calling from. After the call ring that company on an official line and alert them to the call you have just received.
- Do not give any personal information away – Do not reveal any information about yourself, be it usernames, passwords, personal details or addresses.
- Be click safe – Should the approach be made via email, do not reply to the email, follow any links or download any attachments the email may contain.
- Never allow remote access to your computer unless you’re dealing with a support issue with a trustworthy company – if you don’t know the company the person calling is from and you asked to have a support issue resolved then refuse remote access to your machine.
If you’re ever unsure about a call or email you have received and you’ve followed the above tips, the AVG Community is always on hand to offer support and advice. Come and get involved.
More information about Social Engineering can be found here.