Avoiding Social Engineering Scams: How to Spot Hackers Knocking at Your Digital Door


By Lara Evans Bracciante

To help ABMP members stay safe in the digital world, we are running a short blog series on cybersecurity and how you can protect your personal information and your computer and digital devices from today’s bad actors. Here is the first installment on social engineering scams.

Google and Facebook lost $100 million when payments for services were repeatedly sent to a hacker's account. Username and password credentials were stolen from employees at the US Department of Labor, compromising sensitive data. Microsoft sounded the alarm when Russian hackers targeted individuals at organizations critical to Ukrainian security and emergency response. And massage therapists have repeatedly been the target of “reimburse for overpayment” scams and fake invoicing for website hosting. In all these cases, the bad actors were targeting individuals, asking them to make one wrong move and let the attackers through the door.

Cybersecurity has become a mainstream word, and we all generally know what it means: information protection on our computers and devices. And while success requires a multipronged approach—updated software, firewall protection, strong passwords—it is also critical to protect yourself from a thing called social engineering.

What is Social Engineering?

Social engineering is a fancy phrase for getting someone to click on a link or take an action that will compromise security. And while we’ve gotten pretty good at spotting the “Nigerian prince” email scam, social engineering includes a variety of techniques, some of which are now quite sophisticated. They can come via email, text messaging, app messaging, or over the phone. And they are happening all the time, and pretty much to everyone.

The basic concept is this: a message is sent to you urging action, such as clicking a link, downloading a file, or updating your online credentials. The sender may be sending this en masse or may have targeted you or your business specifically. They may even pretend to be your bank, your boss, or an employee in human resources or accounting. Ultimately, they are looking for you to make a mistake that could compromise your private information and/or infect your computer or digital device with a virus. Check out these specific phishing examples from KnowBe4, an organization offering online security training.

But if you stay aware, you will find tell-tale signs within scam messages that give them away, and you can simply choose to not open the door when the hacker knocks.

Tips to Protect Yourself from Social Engineering

Here’s what to look for:

  • When receiving an email, mouse over the sender’s name and see what actual email address is behind the name. For example, the name may read John Smith (your manager) but mousing over the name reveals the email address as 235jasper@gmail.com (not your manager’s email).
  • Also, when checking the full email address, verify the domain (that last part of the email address) and ensure it’s not a close fake; jsmith@national.bank.com is not the same as jsmith@nationalbank.com. That single period makes all the difference.
  • Check the subject line. Is it relevant to the content? If not, this is a big red flag.
  • Does the subject line or content convey urgency? For example, check to see if the subject line is attention-getting but vague (“Very Important”) or the content asks for immediate help (“I am stuck at the airport and need some cash”). Chances are, this is not legit.
  • Mouse over any links in the content and verify the authenticity of the website address. If there’s any question, don’t click.
  • Never click on or download an attachment unless you are absolutely certain it’s coming from a safe sender, and you are expecting it. Not sure? Pick up the phone and call the sender to verify.
  • Question any phone or email requests from “the IT department” or “accounting” asking for computer access, account credentials, or other sensitive information. It is unlikely that such a request is ever necessary.
  • Remain skeptical. Would the CFO really send you an email from the airport asking you to quickly wire money to a client he forgot to pay? If there’s any doubt, make a call to verify the request. Your boss, bank, or client will appreciate your savviness.
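
The sender-name, domain, and link checks from the list above can also be run automatically over a saved message. The following is an added example, not code from the original post; the contact list, trusted domain, function names, and sample message are assumptions constructed for illustration, and the message is assumed to have a single-part HTML body.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed, constructed data: contacts and domains the recipient already trusts.
KNOWN_CONTACTS = {"john smith": "jsmith@nationalbank.com"}
TRUSTED_DOMAINS = {"nationalbank.com"}

class LinkCollector(HTMLParser):  # collects [href, visible text] per <a> element
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"  # stop collecting at </a>

def squash(domain):
    """Drop dots and hyphens so national.bank.com compares equal to nationalbank.com."""
    return re.sub(r"[.-]", "", domain.lower())

def check_message(raw):
    """Return warning strings for one raw message with a single-part HTML body."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain, warnings = addr.rpartition("@")[2].lower(), []
    # A familiar display name that arrives from an unfamiliar address.
    if KNOWN_CONTACTS.get(name.strip().lower(), addr.lower()) != addr.lower():
        warnings.append(f"name/address mismatch: {addr}")
    if any(domain != t and squash(domain) == squash(t) for t in TRUSTED_DOMAINS):
        warnings.append(f"lookalike domain: {domain}")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href, text in collector.links:  # what the link shows vs. where it goes
        shown = re.search(r"(?:https?://)?(?:www\.)?([a-z0-9.-]+\.[a-z]{2,})", text.lower())
        real = re.sub(r"^www\.", "", urlparse(href).hostname or "")
        if shown and shown.group(1) != real:
            warnings.append(f"link text {shown.group(1)} opens {real}")
    return warnings

# Constructed sample message (not a real email).
SAMPLE = ("From: John Smith <jsmith@national.bank.com>\nContent-Type: text/html\n\n"
          '<a href="http://login.example.net/a">www.nationalbank.com</a>')
```

Calling check_message(SAMPLE) returns three warnings, one per check. A message that passes all three is not proven safe; the phone call to verify still applies.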

Social engineering is widespread, and everyone is at risk. Be wary, keep your guard up, slow down, and check twice. The extra seconds to do so could make all the difference.

author bio

Lara Evans Bracciante is ABMP’s senior director of Information Technology & Member Service Operations.
