Last updated: October 31, 2024
Common Social Engineering Tactics
- Baiting: This tactic involves offering something enticing, such as a free gift, a discount, or exclusive access to a limited-time offer. The goal is to lure victims into clicking on malicious links or downloading malware-infected files. For instance, a phishing email might promise a free gift card in exchange for completing a brief survey. However, clicking on the link could lead to the installation of malware on the victim's device.
- Scareware: Scareware leverages fear and intimidation to coerce victims into taking immediate action. By threatening dire consequences like legal action, data loss, or system damage, attackers attempt to create a sense of urgency and panic. For example, a fake antivirus software alert might claim that the victim's computer is infected with a dangerous virus and demand immediate payment to remove it.
- Shoulder Surfing: A more straightforward approach, shoulder surfing involves observing individuals as they enter passwords, PINs, or other sensitive information. This can occur in places like coffee shops or public spaces on campus. Attackers may exploit distractions or blind spots to capture this information, which can then be used for unauthorized access.
How to Spot Social Engineering Attempts
- Look for Inconsistencies: Legitimate organizations typically maintain high standards for communication. Pay close attention to grammar, spelling, and formatting errors in emails or messages. Inconsistencies in these areas can be a red flag.
- Verify Urgency: Be cautious of messages that create a sense of urgency or demand immediate action. Legitimate requests usually allow for time to verify information. If a message insists on an immediate response, it may be a sign of a scam.
- Check for Unusual Requests: If a message asks you to disclose sensitive information like passwords, credit card numbers, or personal details, be wary. Legitimate organizations generally do not request such information through email or phone. Instead, they will typically direct you to their secure website or a known contact.
Report any suspicious emails that you receive by forwarding them as an attachment to UBC Cybersecurity at security@ubc.ca.