This site requires JavaScript to be enabled
IE BUMPER
IE BUMPER

IE BUMPER
 
 
 
 
 
 
 
IE BUMPER
IE BUMPER
IE BUMPER
IE BUMPER

Phone Scams / Social Engineering

 

Overview

A Social Engineering Attack is when an attacker manipulates a person into performing actions, installing malicious software, or divulging confidential information.  This can be done over Email (phishing), text, phone, or in person.  The following are examples of common Social Engineering Attacks.

 

 

Tech support scams

An attacker calls impersonating the tech support department of your work, or a software company claiming to help you fix computer issues you may have.  During the call the attacker convinces you to divulge credentials, install software or give them remote access to your computer.  The attacker may then install a virus and require a fee in order to remove it.

https://www.consumer.ftc.gov/articles/0346-tech-support-scams

https://www.microsoft.com/en-us/security/online-privacy/avoid-phone-scams.aspx

 

 

Misplaced Flash Drive

An attacker will leave a USB flash drive somewhere hoping someone will pick it up and plug it in.  A malicious USB could install malware on your computer even if you don’t open any files.

If you find a USB drive on campus, do not plug it in to your computer; return it to the Help Desk. 

http://www.zdnet.com/article/criminals-push-malware-by-losing-usb-sticks-in-parking-lots/

 

 

Calls from Credit Card companies (fraud alert)

An attacker calls pretending to be from your credit card company and asks if you purchased an expensive item.  When you say no, the attacker asks for credit card information in order to reverse the charge.  

http://scam-detector.com/telephone-scams/credit-card-lower-rates

https://www.consumer.ftc.gov/articles/0131-credit-card-interest-rate-reduction-scams 

 

 

Scareware

Scareware is web content or spyware that tricks you into thinking your computer is infected with malware or that you have downloaded illegal content.  The attacker offers a solution to fix the bogus problem, but you are tricked into installing the attacker’s malware.  This is often seen as a webpage pop-up like the following example:    

 

 

If you believe your PC may have a virus, run a virus scan from a legitimate anti-virus vendor, do not install unknown software. 

https://isc.sans.edu/forums/diary/How+Victims+Are+Redirected+to+IT+Support+Scareware+Sites/19487/

 

 

IRS phone scams

An attacker impersonates an IRS agent and reports you must immediately pay thousands of dollars you owe in back taxes or will be arrested for tax fraud.  They then ask for your credit card for immediate payment.

https://www.irs.gov/uac/Newsroom/Phone-Scams-Continue-to-be-a-Serious-Threat,-Remain-on-IRS-Dirty-Dozen-List-of-Tax-Scams-for-the-2016-Filing-Season

  

 

Tips for avoiding scams.

  • Do not give credit card information out over the phone.
  • Do not give out any usernames or passwords.
  • Do not give out personal information to someone you don’t know and trust.
  • Do not trust your caller ID.  Caller ID can be spoofed.
  • Do not download programs you’re unsure about.
  • Have a good up-to-date anti-malware program on your computer.

 

 

Additional information

https://www.consumer.ftc.gov/articles/0076-phone-scams

http://www.creditcards.com/credit-card-news/top-10-phone-scams-1282.php

 

 





Was this article helpful?
YesNo
Not rated
IE BUMPER

Print Article