Avoiding Social Engineering Scams: How to Spot Hackers Knocking at Your Digital Door

By Lara Evans Bracciante

To help ABMP members stay safe in the digital world, we are running a short blog series on cybersecurity and how you can protect your personal information and your computer and digital devices from today’s bad actors. Here is the first installment on social engineering scams.

Google and Facebook lost $100 million when payments for services were repeatedly sent to a hacker account. Username and password credentials were stolen from employees at the US Department of Labor, compromising sensitive data. Microsoft sounded the alarms when Russian hackers targeted individuals at organizations critical to Ukrainian security and emergency response. And massage therapists have repeatedly been the target of “reimburse for overpayment” scams and fake invoicing for website hosting. In all these cases, the bad actors were targeting individuals, asking them to make one wrong move and let them through the door.

Cybersecurity has become a mainstream word, and we all generally know what it means: information protection on our computers and devices. And while success requires a multipronged approach—updated software, firewall protection, strong passwords—it is also critical to protect yourself from a thing called social engineering.

What is Social Engineering?

Social engineering is a fancy phrase for getting someone to click on a link or take an action that will compromise security. And while we’ve gotten pretty good at spotting the “Nigerian prince” email scam, social engineering includes a variety of techniques, some of which are now quite sophisticated. They can come via email, text messaging, app messaging, or over the phone. And they are happening all the time, and pretty much to everyone.

The basic concept is this: a message is sent to you urging action—to click a link, download a file, maybe update your online credentials. The sender may be sending this en masse or may have targeted you or your business specifically. They may even pretend to be your bank, your boss, or an employee in human resources or accounting. Ultimately, they are looking for you to make a mistake that could compromise your private information and/or infect your computer or digital device with a virus. Check out these specific phishing examples from KnowBe4, an organization offering online security training.

But if you stay aware, you will find tell-tale signs within scam messages that give them away, and you can simply choose to not open the door when the hacker knocks.

Tips to Protect Yourself from Social Engineering

Here’s what to look for:

  • When receiving an email, mouse over the sender’s name and see what actual email address is behind the name. For example, the name may read John Smith (your manager) but mousing over the name reveals the email address as 235jasper@gmail.com (not your manager’s email).
  • Also, when checking the full email address, verify the domain (that last part of the email address) and ensure it’s not a close fake; jsmith@national.bank.com is not the same as jsmith@nationalbank.com. That single period makes all the difference.
  • Check the subject line. Is it relevant to the content? If not, this is a big red flag.
  • Does the subject line or content connote urgency? For example, check to see if the subject line is attention-getting but vague (“Very Important”) or the content asks for immediate help (“I am stuck at the airport and need some cash”). Chances are, this is not legit.
  • Mouse over any links in the content and verify the authenticity of the website address. If there’s any question, don’t click.
  • Never click on or download an attachment unless you are absolutely certain it’s coming from a safe sender, and you are expecting it. Not sure? Pick up the phone and call the sender to verify.
  • Question any phone or email requests from “the IT department” or “accounting” asking for computer access, account credentials, or other sensitive information. It is unlikely that such a request is ever necessary.
  • Remain skeptical. Would the CFO really send you an email from the airport asking you to quickly wire money to a client he forgot to pay? If there’s any doubt, make a call to verify the request. Your boss, bank, or client will appreciate your savviness.
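
The sender-name, look-alike-domain, and urgency checks from the list above can also be run automatically, for instance in a mail filter. The Python sketch below is an added example, not part of the original article; the sender directory, trusted-domain list, urgency phrases, and sample messages are constructed assumptions built from the article's own examples.

```python
from email.utils import parseaddr

# Constructed assumptions: who normally writes to you, and from which domains.
KNOWN_SENDERS = {"john smith": "jsmith@nationalbank.com"}
TRUSTED_DOMAINS = {"nationalbank.com"}
URGENCY_PHRASES = ("very important", "urgent", "immediately", "need some cash")

def squash(domain):
    """Strip dots and hyphens so near-identical domains compare equal."""
    return domain.replace(".", "").replace("-", "")

def check_message(from_header, subject, body=""):
    """Return the list of red flags raised by one message."""
    flags = []
    name, addr = parseaddr(from_header)
    addr = addr.lower()
    domain = addr.rpartition("@")[2]

    # Sender check: the display name claims a known person, the address is not theirs.
    expected = KNOWN_SENDERS.get(name.strip().lower())
    if expected and addr != expected:
        flags.append("display-name-mismatch")

    # Domain check: not a trusted domain, but differs from one only by punctuation.
    if domain not in TRUSTED_DOMAINS and any(
        squash(domain) == squash(t) for t in TRUSTED_DOMAINS
    ):
        flags.append("lookalike-domain")

    # Urgency check: attention-getting or pressuring wording.
    text = f"{subject} {body}".lower()
    if any(p in text for p in URGENCY_PHRASES):
        flags.append("urgency")
    return flags

# Constructed sample messages built from the article's own examples.
SAMPLES = [
    ('"John Smith" <235jasper@gmail.com>', "Very Important",
     "I am stuck at the airport and need some cash."),
    ('"John Smith" <jsmith@national.bank.com>', "Account statement", ""),
    ('"John Smith" <jsmith@nationalbank.com>', "Lunch on Friday", ""),
]

if __name__ == "__main__":
    for sender, subject, body in SAMPLES:
        print(sender, "->", check_message(sender, subject, body) or "no flags")
```

An empty result only means these three checks found nothing; the advice to call and verify still applies to any request that seems off.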

Social engineering is widespread, and everyone is at risk. Be wary, keep your guard up, slow down, and check twice. The extra seconds to do so could make all the difference.

Lara Evans Bracciante is ABMP’s senior director of Information Technology & Member Service Operations.
