How can I protect myself from digital deception?
Imagine that you receive an email with an urgent message
asking you to verify your banking information by clicking on a link. Or maybe you get an enticing text message claiming that you've won a free vacation
to the destination of your choice — all you have to do is click on the link you
were sent. In both scenarios, clicking on the link causes you to play right
into the hands of a cybercriminal seeking your sensitive information. Just like
that, you're at risk for identity theft because you were tricked by a social
Social engineering attacks are a form of digital deception
in which cybercriminals psychologically manipulate victims into divulging
sensitive information. Cybercriminals "engineer" believable scenarios designed
to evoke an emotional response (curiosity, fear, empathy, or excitement) from
their targets. As a result, people often react without thinking first due to
curiosity or concern over the message that was sent. Since social engineering
attacks appear in many forms and appeal to a variety of emotions, they can be
especially difficult to identify.
Take steps to protect yourself from a social engineering
scam. If you receive a message conveying a sense of urgency, slow down and read
it carefully before reacting. Don't click on suspicious or unfamiliar links in
emails, text messages, and instant messaging services. Hover your cursor over a
link before clicking on it to see if it will bring you to a real URL. Don't
forget to check the spelling of URLs — any mistakes indicate a scam website.
Also be sure to look for the secure lock symbol and the letters https:
in the address bar of your Internet browser. These are signs that you're
navigating to a legitimate website.
Never download email attachments unless you can verify that
the sender is legitimate. Similarly, don't send money to charities or
organizations that request help unless you can follow up directly with the
Be wary of unsolicited messages. If you get an email or a
text that asks you for financial information or passwords, do not reply —
delete it. Remember that social engineering scams can also be used over the
phone. Use healthy skepticism when you receive calls that demand money or
request sensitive information. Always be vigilant and think before acting.