Recognizing social engineering on the web
When power lies in information, stealing sensitive information through social engineering is big business.
Rather than directly hacking a computer, a social engineer psychologically manipulates users to reveal confidential information such as banking or website login credentials.
For example, social engineers use phishing sites to fraudulently acquire user information. They might imitate a banking or governmental website requiring users to log in, tricking them into entering usernames and passwords on the phishing site.
As illustrated by Google’s #NoHacked campaign, social engineering extends to website design software. While you can download secure software from reliable web developers like WordPress, tools from non–reputable websites can potentially steal access to your website.
Preventing social engineering attacks
- Stay alert when entering confidential information on your computer.
- Beware of emails leading to websites asking for any account number, password or SSN.
- When logging into important accounts, double check the URL to ensure you haven’t been redirected to an imitation phishing site.
- Only download web design tools from trustworthy sources.
- Use double authentication for accounts wherever possible, such as Google’s 2–Step Verification.
- Keep in mind you always have the right to verify the validity of a suspicious email or site before revealing any personal information. When in doubt, call or send a new email to the source.