Avoiding Social Engineering Scams: How to Spot Hackers Knocking at Your Digital Door

By Lara Evans Bracciante

To help ABMP members stay safe in the digital world, we are running a short blog series on cybersecurity and how you can protect your personal information and your computer and digital devices from today’s bad actors. Here is the first installment on social engineering scams.

Google and Facebook lost $100 million when payments for services were repeatedly sent to a hacker account. Username and password credentials were stolen from employees at the US Department of Labor, compromising sensitive data. Microsoft sounded the alarms when Russian hackers targeted individuals at organizations critical to Ukrainian security and emergency response. And massage therapists have repeatedly been the target of “reimburse for overpayment” scams and fake invoicing for website hosting. In all these cases, the bad actors were targeting individuals, asking them to make one wrong move and let them through the door.

Cybersecurity has become a mainstream word, and we all generally know what it means: information protection on our computers and devices. And while success requires a multipronged approach—updated software, firewall protection, strong passwords—it is also critical to protect yourself from a thing called social engineering.

What is Social Engineering?

Social engineering is a fancy phrase for getting someone to click on a link or take an action that will compromise security. And while we’ve gotten pretty good at spotting the “Nigerian prince” email scam, social engineering includes a variety of techniques, some of which are now quite sophisticated. They can come via email, text messaging, app messaging, or over the phone. And they are happening all the time, and pretty much to everyone.

The basic concept: a message is sent to you urging action—to click a link, download a file, maybe update your online credentials. The sender may be sending this en masse or may have targeted you or your business specifically. They may even pretend to be your bank, your boss, or an employee in human resources or accounting. Ultimately, they are looking for you to make a mistake that could compromise your private information and/or infect your computer or digital device with a virus. Check out these specific phishing examples from KnowBe4, an organization offering online security training.

But if you stay aware, you will find tell-tale signs within scam messages that give them away, and you can simply choose to not open the door when the hacker knocks.

Tips to Protect Yourself from Social Engineering

Here’s what to look for:

  • When receiving an email, mouse over the sender’s name and see the actual email address behind the name. For example, the name may read John Smith (your manager) but mousing over the name reveals the email address as 235jasper@gmail.com (not your manager’s email).
  • Also, when checking the full email address, verify the domain (the last part of the email address) and ensure it’s not a close fake; jsmith@national.bank.com is not the same as jsmith@nationalbank.com. That single period makes all the difference.
  • Check the subject line. Is it relevant to the content? If not, this is a big red flag.
  • Does the subject line or content convey urgency? For example, check to see if the subject line is attention-getting but vague (“Very Important”) or the content asks for immediate help (“I am stuck at the airport and need some cash.”). Chances are, this is not legit.
  • Mouse over any links in the content and verify the authenticity of the website address. If there’s any question, don’t click.
  • Never click on or download an attachment unless you are absolutely certain it’s coming from a safe sender, and you are expecting it. Not sure? Pick up the phone and call the sender to verify.
  • Question any phone or email requests from “the IT department” or “accounting” asking for computer access, account credentials, or other sensitive information. It is unlikely that such a request is ever necessary.
  • Remain skeptical. Would the CFO really send you an email from the airport asking you to quickly wire money to a client he forgot to pay? If there’s any doubt, make a call to verify the request. Your boss, bank, or client will appreciate your savviness.
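
The sender and subject-line checks above can also be automated by a mail filter. The sketch below is an added example, not part of the original post; the trusted-domain list, the on-file address book, and the urgency phrases are assumptions, and the sample messages are constructed from the addresses used in the tips.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this sketch: the domains you really deal with, the
# addresses you have on file for known names, and a few pressure phrases.
TRUSTED_DOMAINS = {"nationalbank.com"}
ON_FILE = {"John Smith": "jsmith@nationalbank.com"}
URGENT_PHRASES = ("very important", "urgent", "immediately", "right away")

def squash(domain):
    """Drop dots and hyphens so near-copies of a domain compare equal."""
    return domain.lower().replace(".", "").replace("-", "")

def red_flags(raw_message):
    """Return the list of warning signs found in one raw email message."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    flags = []
    # The display name is familiar but the address behind it is not.
    on_file = ON_FILE.get(name)
    if on_file and on_file != addr:
        flags.append("display-name-mismatch")
    # The domain is not trusted, yet looks almost like one that is.
    if domain not in TRUSTED_DOMAINS and any(
            squash(domain) == squash(t) for t in TRUSTED_DOMAINS):
        flags.append("lookalike-domain")
    # Attention-getting but vague subject line.
    subject = msg.get("Subject", "").lower()
    if any(p in subject for p in URGENT_PHRASES):
        flags.append("urgent-subject")
    return flags

# Constructed sample messages built from the addresses used in the tips.
SPOOFED_NAME = ("From: John Smith <235jasper@gmail.com>\n"
                "Subject: Very Important\n\n"
                "I am stuck at the airport and need some cash.\n")
LOOKALIKE = ("From: John Smith <jsmith@national.bank.com>\n"
             "Subject: Updated invoice\n\nPlease see attached.\n")
GENUINE = ("From: John Smith <jsmith@nationalbank.com>\n"
           "Subject: Lunch on Friday\n\nSee you then.\n")

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED_NAME), ("lookalike", LOOKALIKE),
                       ("genuine", GENUINE)):
        print(label, red_flags(raw))
```

A clean result only means none of these three signs fired; the remaining tips (links, attachments, a phone call to verify) still apply.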

Social engineering is widespread, and everyone is at risk. Be wary, keep your guard up, slow down, and check twice. The extra seconds to do so could make all the difference.

Lara Evans Bracciante is ABMP’s senior director of Information Technology & Member Service Operations.
