Social Engineering Red Flags
Roger A. Grimes writing at CSO:
Victims come from every slice of society, including doctors, lawyers, engineers, Nobel Prize winners, mechanics and even IT security workers. So, don’t shame victims thinking that they were dumb or a patsy. Intelligence has nothing to do with it.
The deciding factor in whether someone can be scammed is awareness of the scam presented to them.
Social engineering is the process of gaining access to a system through the people who use it instead of attacking the system directly. For example, an attacker may research a highly privileged person — their favorite football team, their pets’ names, their date of birth, and so on — and try those details as passwords.
These attempts also arrive by email. The checklist below, grouped by the part of the message where each red flag appears, points out the red flags and how you can spot them yourself.
From
I don’t recognize the sender’s email address as someone I ordinarily communicate with.
This email is from someone outside my organization and it’s not related to my job responsibilities.
This email was sent from someone inside the organization or from a customer, vendor, or partner and is very unusual or out of character.
Is the sender’s email address from a suspicious domain (like micorsoft-support.com)?
I don’t know the sender personally and they were not vouched for by someone I trust.
I don’t have a business relationship nor any past communications with the sender.
This is an unexpected or unusual email with an embedded hyperlink or an attachment from someone I haven’t communicated with recently.
Subject
Did I get an email with a subject line that is irrelevant or does not match the message content?
Is the email message a reply to something I never sent or requested?
To
I was cc’d on an email sent to one or more people, but I don’t personally know the other people it was sent to.
I received an email that was also sent to an unusual mix of people. For instance, it might be sent to a random group of people at my organization whose last names start with the same letter, or a whole list of unrelated addresses.
Timestamp
Did I receive an email that I normally would get during regular business hours, but it was sent at an unusual time like 3:02 AM?
Content
Is the sender asking me to click on a link or open an attachment to avoid a negative consequence or to gain something of value?
Is the email out of the ordinary, or does it have bad grammar or spelling errors?
Is the sender asking me to click a link or open up an attachment that seems odd or illogical?
Do I have an uncomfortable gut feeling about the sender’s request to open an attachment or click a link?
Is the email asking me to look at a compromising or embarrassing picture of myself or someone I know?
Hyperlinks
I hover my mouse over a hyperlink that’s displayed in the email message, but the link-to address is for a different website. (This is a big red flag.)
I received an email that only has long hyperlinks with no further information, and the rest of the email is completely blank.
I received an email with a hyperlink that is a misspelling of a known web site. For instance, www.bankofarnerica.com — the “m” is really two characters — “r” and “n.”
Attachments
The sender included an email attachment that I was not expecting or that makes no sense in relation to the email message. (This sender doesn’t ordinarily send me this type of attachment.)
I see an attachment with a possibly dangerous file type.
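Several of the checks above (the hover-over-the-link comparison, misspelled domains such as bankofarnerica.com and micorsoft-support.com, an odd send time, and dangerous attachment types) can be automated for triage. The Python script below is an added example, not code from the CSO article or from Roger Grimes; the trusted-domain list, the business-hours window, the dangerous-extension list and the sample message are constructed assumptions for this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime
from urllib.parse import urlparse

# Hypothetical policy values for this example; a real deployment would load them from config.
KNOWN_DOMAINS = {"example.com", "bankofamerica.com", "microsoft.com"}
DANGEROUS_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".hta", ".bat", ".lnk", ".iso"}
URGENCY_PHRASES = ("immediately", "urgent", "within 24 hours", "account will be suspended")
BUSINESS_HOURS = range(8, 18)  # 08:00-17:59, read in the offset the Date header carries


def normalize_lookalike(domain: str) -> str:
    """Collapse visual substitutions so bankofarnerica.com compares equal to bankofamerica.com."""
    d = domain.lower()
    for lookalike, real in (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")):
        d = d.replace(lookalike, real)
    return d


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; micorsoft vs microsoft is 2, a transposed pair of letters."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain: str) -> bool:
    """True when a domain is not trusted itself but imitates a trusted one."""
    domain = domain.lower()
    if domain in KNOWN_DOMAINS:
        return False
    if normalize_lookalike(domain) in {normalize_lookalike(k) for k in KNOWN_DOMAINS}:
        return True
    brands = {k.split(".")[0] for k in KNOWN_DOMAINS}
    # A label of five or more characters within two edits of a trusted brand label is suspicious.
    return any(len(label) >= 5 and any(edit_distance(label, b) <= 2 for b in brands)
               for label in re.split(r"[.-]", domain))


def host_of(url_or_text: str) -> str:
    """Hostname of a URL, or of URL-looking link text, without a leading www."""
    s = url_or_text.strip()
    return (urlparse(s if "://" in s else "http://" + s).hostname or "").lower().removeprefix("www.")


def scan(raw: str) -> list[str]:
    """Return one line per red flag, prefixed with the checklist section it belongs to."""
    msg, flags = message_from_string(raw), []
    sender_domain = parseaddr(msg.get("From", ""))[1].rsplit("@", 1)[-1].lower()
    if sender_domain not in KNOWN_DOMAINS:
        flags.append(f"From: sender domain {sender_domain} is not a known contact")
    if is_lookalike(sender_domain):
        flags.append(f"From: {sender_domain} imitates a trusted domain")
    if msg.get("Subject", "").lower().startswith("re:") and not msg.get("In-Reply-To"):
        flags.append("Subject: claims to be a reply but references no earlier message")
    sent = parsedate_to_datetime(msg["Date"]) if msg.get("Date") else None
    if sent and sent.hour not in BUSINESS_HOURS:
        flags.append(f"Timestamp: sent at {sent:%H:%M}, outside business hours")
    body_html = ""
    for part in msg.walk():
        filename = part.get_filename()
        if filename and "." + filename.rsplit(".", 1)[-1].lower() in DANGEROUS_EXTENSIONS:
            flags.append(f"Attachments: {filename} has a dangerous file type")
        elif part.get_content_type() == "text/html":
            body_html = part.get_payload(decode=True).decode("utf-8", "replace")
    if any(p in re.sub(r"<[^>]+>", " ", body_html).lower() for p in URGENCY_PHRASES):
        flags.append("Content: pressure to act quickly or face a consequence")
    # The hover check, automated: compare the visible anchor text with the real href target.
    # A regex is enough for this sample; a production scanner should use a real HTML parser.
    for href, shown in re.findall(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', body_html, re.S):
        target, shown = host_of(href), re.sub(r"<[^>]+>", "", shown).strip()
        if "." in shown and host_of(shown) != target:
            flags.append(f"Hyperlinks: text shows {host_of(shown)} but the link goes to {target}")
        if is_lookalike(target):
            flags.append(f"Hyperlinks: {target} imitates a trusted domain")
    return flags


# Constructed sample message exhibiting several red flags at once.
SAMPLE = """\
From: "Account Security" <alerts@micorsoft-support.com>
To: user@example.com
Date: Tue, 04 Jun 2024 03:02:00 +0000
Subject: Re: your account
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Your account will be suspended unless you verify immediately:
<a href="http://www.bankofarnerica.com/login">www.bankofamerica.com/secure</a></p>
--b1
Content-Type: application/octet-stream; name="invoice.pdf.exe"
Content-Disposition: attachment; filename="invoice.pdf.exe"

--b1--
"""
```

Calling `scan(SAMPLE)` returns eight flags for the constructed message (two for the sender domain, one each for subject, timestamp, attachment and urgency wording, and two for the hyperlink), while a plain message from a known domain sent during business hours returns none. The lookalike test deliberately combines two techniques: collapsing rn/m-style glyph substitutions, which catches bankofarnerica.com, and an edit-distance check on each domain label, which catches micorsoft-support.com. A scanner like this only narrows which messages deserve a careful look; the human checks in the list above still apply to whatever it lets through.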
Remember…
1. Always be suspicious of external emails — look for red flags:
   - Do you recognize the domain in the email address?
   - Is the email asking you to click a link?
   - When you hover over a link, does the URL preview match what is described?
   - Does the email tell you to act quickly?
2. If you do not recognize a sender, do not open any of their attachments or click on any links in the body.
3. Do not be afraid to challenge someone's credentials — verify with a known contact that the person is who they say they are.