Criminals can use sophisticated methods to try to gain access to your computer, or they can use something simpler and more insidious: social engineering.
Social engineering is a way for criminals to gain access to desirable data. This method works by gaining your trust or by generating fear to cause you to let your guard down. The purpose of social engineering can be to secretly install spyware or other malicious software, or to trick you into handing over your passwords or other sensitive financial or personal information. Some online criminals find it easier to exploit human nature than to exploit holes in your computer's defenses.
Here are some examples of social engineering:
- Clicking on links you shouldn't. You receive an email that appears to be from a friend and may contain a link that "you just have to see!" If you click the link, your computer could become infected with malware so that the criminal can take over your machine and collect anything from your contacts to your credit card information.
- "Helping" someone in need. Other seemingly harmless emails you receive could ask you for "urgent" help for a friend who is stuck in a country, in need of medical assistance, or facing some other important matter. The criminal posing as a friend or an acquaintance will give you instructions on how and where to send money... directly to them.
- Responding to a question you never asked. Criminals may pretend they're responding to your "request" from a company while also offering more help. They choose companies that millions of people contact every day: banks, shopping outlets, etc. For example, even though you didn't originally ask a question about a problem with your computer, you may seize the opportunity to upgrade software for free, as the email says. The moment you respond to such an email, you've opened your computer up to attacks.
So how do you stay safe? First, slow down and think before you click. If a message conveys a sense of urgency, do not let it influence your careful review. Second, research the facts. Be suspicious of unsolicited messages and use a search engine to do research on the company or organization. Last, remember that curiosity leads to careless clicking. If you don't really know what the email is about, why you're receiving it or who it's from, chances are it's an attempt at social engineering.