Social Engineering Red Flags
Most scams are surprisingly easy to spot once you know how they work.
Edited January 27, 2025
Roger A. Grimes writing at CSO:
Victims come from every slice of society, including doctors, lawyers, engineers, Nobel Prize winners, mechanics and even IT security workers. So, don’t shame victims thinking that they were dumb or a patsy. Intelligence has nothing to do with it.
The deciding factor whether someone can be scammed is awareness of the scam presented to them.
Social engineering is the process of gaining access to a system through the people who use it instead of attacking the system directly. For example, one form of social engineering may be an attacker researching information about a highly-privileged person — their favorite football team, their pet’s names, their date of birth, etc. — and trying those bits of info as a password.
These attempts can also occur via email. The following examples will point out red flags and discuss how you can find these yourself.
Who’s the Sender?
Do you recognize the sender’s email address as someone you ordinarily communicate with?
Is this email from someone outside your organization and unrelated to your job responsibilities?
Was this email sent from someone inside your organization, or from a customer, vendor, or partner, and is it very unusual or out of character?
Is the sender’s email address from a suspicious domain like micorsoft-support.com (note the misspelling of “Microsoft”)?
Do you know the sender personally, and were they vouched for by someone you trust?
Do you have a business relationship or any past communications with the sender?
Is this an unexpected or unusual email with an embedded hyperlink or attachment from someone you haven’t communicated with recently?
What’s the Subject?
Did you receive an email with a subject line that is irrelevant or does not match the message content?
Is the email message a reply to something you never sent or requested?
To Whom Was the Email Sent?
Were you CC’d on an email sent to one or more people, but you don’t personally know the other people it was sent to?
Did you receive an email that was also sent to an unusual mix of people? For instance, it might be sent to a random group of people at your organization whose surname begins with the same letter or a whole list of unrelated addresses.
Does the Timestamp Seem Logical?
Did you receive an email that otherwise appears normal, but was sent at an unusual time like 3:02 AM?
What’s Being Asked of You?
Is the sender asking you to click on a link or open an attachment to avoid a negative consequence or to gain something of value?
Is the email out of the ordinary or does it have bad grammar or spelling errors?
Do you have an uncomfortable gut feeling about the sender’s request?
Is the email asking you to look at a compromising or embarrassing picture of yourself or someone you know?
Is it worded with urgency and are you being pressured to act quickly?
Where Does That Link Actually Go?
When you hover your mouse over a hyperlink that’s displayed in the email, does it link to an address for a different website?
Did you receive an email that contains only long hyperlinks with no further information, with the rest of the email completely blank?
Did you receive an email with a hyperlink that is a misspelling of a known website? For example:
www.bankofarnerica.com
Here the “m” in “america” is really two characters: “r” and “n.”
Are There Attachments?
Did the sender include an attachment that you were not expecting or that makes no sense in relation to the rest of the email?
Does this sender ordinarily send you this type of attachment?
Do you see an attachment with a possibly dangerous file type? For example, .exe, .bat, .js, .docm, .xlsm, or .pptm.
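The link checks (hover target versus displayed text, look-alike domains such as bankofarnerica.com and micorsoft-support.com) and the attachment-type check above can be automated for a mail gateway or a training exercise. The following is an added example written for this page, not code from the article or any product; the KNOWN_DOMAINS allow-list, the CONFUSABLES table and the sample message are constructed, and the domain extraction is deliberately crude (last two labels) for the .com cases shown.

```python
import re
from urllib.parse import urlparse
KNOWN_DOMAINS = {"bankofamerica.com", "microsoft.com"}  # constructed allow-list of brands you deal with
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]  # render alike; "rn" for "m" is the article's example
RISKY_EXTENSIONS = {".exe", ".bat", ".js", ".docm", ".xlsm", ".pptm"}  # attachment types the article lists

def registrable(host):
    return ".".join(host.lower().rstrip(".").split(".")[-2:])  # crude last-two-labels domain, fine for .com

def skeleton(s):
    """Collapse look-alike sequences so 'bankofarnerica' compares equal to 'bankofamerica'."""
    for lookalike, canonical in CONFUSABLES:
        s = s.lower().replace(lookalike, canonical)
    return s

def one_transposition(a, b):
    """True when a and b differ only by one swapped adjacent pair (micorsoft / microsoft)."""
    diff = [i for i in range(len(a)) if a[i] != b[i]] if len(a) == len(b) else []
    return len(diff) == 2 and diff[1] == diff[0] + 1 and a[diff[0]] + a[diff[1]] == b[diff[1]] + b[diff[0]]

def imitated_brand(domain):
    """Return the known domain this one imitates, or None if it is genuine or unrelated."""
    if domain in KNOWN_DOMAINS:
        return None
    for piece in skeleton(domain).split(".")[0].split("-"):  # 'micorsoft-support.com' -> ['micorsoft', 'support']
        for known in KNOWN_DOMAINS:
            brand = skeleton(known).split(".")[0]
            if piece == brand or one_transposition(piece, brand):
                return known
    return None

def email_red_flags(html_body, attachments):
    """Apply the article's link and attachment checks to one message; returns human-readable flags."""
    flags = []
    for href, text in re.findall(r'<a[^>]*href="([^"]+)"[^>]*>(.*?)</a>', html_body, re.S):
        target = registrable(urlparse(href).hostname or "")
        shown = re.search(r"[\w.-]+\.[a-z]{2,}", text.lower())  # a domain written in the visible link text
        if shown and registrable(shown.group()) != target:
            flags.append(f"link text shows {shown.group()} but goes to {target}")
        if brand := imitated_brand(target):
            flags.append(f"{target} imitates {brand}")
    for name in attachments:
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if ext in RISKY_EXTENSIONS:
            flags.append(f"risky attachment type {ext}: {name}")
    return flags

SAMPLE_HTML = ('<p>Your account is locked.</p>'  # constructed sample, not a real phishing email
               '<a href="https://www.bankofarnerica.com/verify">www.bankofamerica.com</a> '
               '<a href="http://micorsoft-support.com/login">Sign in to Microsoft</a>')
SAMPLE_ATTACHMENTS = ["Invoice_2025.pdf", "Statement.docm"]  # constructed attachment names
```

Running `email_red_flags(SAMPLE_HTML, SAMPLE_ATTACHMENTS)` yields four flags: the displayed/actual domain mismatch, the two look-alike domains, and the .docm attachment.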
Remember…
1. Always be suspicious of external emails — look for red flags:
Do you recognize the domain in the email address?
Is the email asking you to click a link?
When you hover over a link, does the URL preview match what is described?
Does the email tell you to act quickly?
2. If you do not recognize a sender, do not open any attachments or click on any links in the body.
3. Do not be afraid to challenge someone's credentials — verify with a known contact that the person is who they say they are.
Some viruses, when they infect computers, will email themselves to everyone in someone's address book. You can't even trust files you receive from friends unless you were expecting them and the email as a whole is logical. If in doubt, always contact the sender via another medium (for example, in person or by phone) and verify.
Lastly
Most computer infections are caused by people downloading and running the virus themselves; in other words, being tricked. These infections come in all shapes and sizes.
Never download files or run software that isn't something that you were specifically looking for. The software you do get must be from a link on the original company's website that you searched for and verified as legitimate. When you do install software, make sure you read every option it gives you – oftentimes installations will bundle unwanted software with what you actually want.