preventing online attacks
Personal Security

How to Identify and Protect Against Social Engineering

By Jessica Price

The internet is a vast, complex network that connects the world in ways never dreamed possible prior to its invention in 19806 by Vinton Cerf and Bob Kahn. Unfortunately, there are bad actors on the world wide web and beyond who are working hard to find the most convincing ways to manipulate people and take advantage of them. Those of us who used the internet in the early 2000s knew that likely the most dangerous things on the internet were scary people in chat rooms and viruses from websites like LimeWire (although downloading the new Backstreet Boys songs felt worth the risk). Things have evolved. Crime has become more sophisticated, and it has become much more difficult to discern truth from fiction and safe interactions from potentially dangerous ones. Like chat rooms, Social Engineering poses a unique threat to people because connection and humanity are used as lures.

What Is Social Engineering?

A few years ago, my grandmother received a call from a man claiming to be my cousin. She felt something was off because he called her grandma instead of the pet name we all have for her. Regardless, once he shared his story, she became so concerned that she forgot about the wrong name. The caller told her that he was in trouble and needed her to drive to a pharmacy in the next town to bring gift cards and money to give to the police so he wouldn’t be arrested. There were red flags all over the place. Luckily, my grandmother realized that this was a scam and she refused to talk to them. She then called the police. When a scammer appeals to a person and their humanity or their good nature, the attack is classified as social engineering.5 Of course attacks occur not only over the phone but also online. Email attacks are fairly common, and phishing happens regularly. Phishing is an email attack in which the sender tries to secure personal information from the recipient with the intent to steal money or their identity. "Human hacking5 is a term used for social engineering because the information that is stolen comes directly from human-to-human interaction.

safety online

How does social engineering work?

There are multiple social engineering attacks that are employed by criminals. The most common attack we will focus on in the bulk of our discussion is phishing.  However, it’s important to understand the basic premise of each attack type in order to protect yourself. Below are common examples of how these social engineering attacks1 occur.

  • Phishing: Clicking on a link in an email is a common way attackers gain access to sensitive information. Many times, attackers pretend to be someone you can trust in order to lure you into clicking.
  • Malware: Downloading malware typically happens by accident—users are led to believe that they must download a program for a pressing reason. The software then infects the computer.
  • Baiting: If you receive a promise of a prize or monetary gain in exchange for your personal information, you’re likely being baited.
  • Quid-Pro Quo: Victims believe their attacker is a trusted individual in these attacks such as a tech expert who is lending a hand with a question.
  • Tailgating: Allowing someone to follow you into a building or secure area rather than them needing their own credentials or badge, for example, can allow tailgating to occur.
  • Vishing: Have you ever received a voicemail from someone who said they were with the IRS or an official office? Likely the caller was a criminal attempting to attack you via vishing aka voicemail phishing.
  • Spear Phishing: Like phishing, clicking on links is the gateway for bad actors. However, just like in real fishing, spear phishing goes after big fish like companies and involves more precision from the criminals.
  • Water-Holing: A water hole brings people or animals in to take a drink. Likewise, a water-holing attack draws unsuspecting people in by posing as a legitimate website that is actually infected with malware that can give criminals access to your computer and secure information.
  • Pretexting: This is when the bad actors flex their acting skills. They will pretend to be someone you can trust or regularly do business with to gain access to your personal information.

What do all of these examples and scenarios have in common? Human emotion. Criminals are preying on their victims’ humanity and their desire to help take care of a problem or protect themselves. Criminals utilize urgency and scare tactics that make people take quick action without thinking through the possible dangers or even whether or not they can totally trust the person requesting the information.

Protecting Against Social Engineering

The best way to protect yourself from social engineering attacks is to take your time when making decisions online and elsewhere. Anyone who is rushing you to do something that isn’t part of your daily routine should be assessed fully before trusting them. Keep in mind that legitimate businesses are just as aware of the dangers of social engineering and they are actively working to protect their customers from the bad guys.

Phishing attacks4 put your most personal information at risk like identification numbers, banking information, and your passwords which can lead to complicated problems that can be quite difficult to rectify. My mother-in-law once received a phony email from someone claiming to be the FBI and asking for money. The email address was a Gmail account which raised a red flag and prevented her from proceeding, but vulnerable people who are, perhaps, less internet savvy or aware of the types of attacks out there can fall victim to this type of phishing.

One of the most important ways you can protect yourself from attacks like phishing is to install software that monitors for attacks. The second most important thing you can do, as mentioned before, is take pause when responding to emails or requests for information or payments. If something feels off, it might be. You can always call the company that is asking for information using the phone number you know and trust to be accurate in order to verify the legitimacy3 of any requests you receive. Again, since many companies are doing their part to prevent fraud, they will be happy to help you and most would never ask for sensitive information out of the blue.

social media safety

Social Media and Speedy Cash

Social media is another place to watch for these types of attacks. Speedy Cash works hard to monitor our social sites to create an informative environment for all our customers. However, beware of scammers who may create false social media pages, impersonating us via pretexting. Learn to protect yourself! We want to make sure that customers understand the importance of carefully considering anyone who claims to be an expert or is posing as a company online. Speedy Cash will never ask for your personal information via social media nor make direct offers to you via social media. The internet can be a little scary, but as long as you keep your eyes open, ask questions, and stick to websites you know and trust when sharing personal information, it can become a little safer. However, never let down your guard.

Sources:

1Terranova Security (2023, Apr 14). 9 Examples of Social Engineering Attacks Retrieved from: https://terranovasecurity.com/examples-of-social-engineering-attacks/

2Harvard Business Review (July-August 2013 issue). The Uses (and Abuses) of Influence Retrieved from: https://hbr.org/2013/07/the-uses-and-abuses-of-influence

3Cybersecurity and Infrastructure Security Agency (CISA) (2021, Feb 1). Avoiding Social Engineering and Phishing Attacks Retrieved from: https://www.cisa.gov/news-events/news/avoiding-social-engineering-and-phishing-attacks

4Microsoft What is Phishing? Retrieved from: https://www.microsoft.com/en-us/security/business/security-101/what-is-phishing

5IBM What is social engineering? Retrieved from: https://www.ibm.com/topics/social-engineering

6Hogeback, Jonathan Who Invented the Internet Retrieved from: https://www.britannica.com/story/who-invented-the-internet#:~:text=Computer%20scientists%20Vinton%20Cerf%20and,referred%20to%20as%20the%20Internet.

About
Jessica Price
Read More from Jessica Price
Jessica Price | Finance Blogger | Personal Loans, Payday Loans, Installment Loans, Line of Credit, Title Loans, Budgeting Tips, Financial Literacy Jessica is hyper-focused on making information about the Personal Loans offered by Speedy Cash including Payday Loans, Installment Loans, Line of Credit, and Title Loans accessible and digestible. The key to responsible borrowing is understanding the loans you’re considering, and it’s Jessica’s mission to help anyone considering a loan make an informed decision. Jessica is passionate about sharing Budgeting Tips and helping readers increase their Financial Literacy. You’ll find great budgeting tips and information that will help you improve your financial wellness sprinkled throughout each of her blogs.

Related Articles

Paying with contactless technology

Contactless Payments: Health, Security, and Ease of Use

 #Personal Security
Staying safe on social media

The World of Social Media Safety

 #Personal Security
Creating passwords

The Ins and Outs of Password Security

 #Personal Security

Related Reading

  • Vehicle Title Loans

    Get a Title Loan from Speedy Cash with your vehicle as collateral! See what to bring to a store, the process once you arrive, and what repayment...

  • Online Loans

    Discover Speedy Cash online loans, how they work, what's required, and how to apply. Online loans provide convenience and flexibility, so get...

  • Cash Advance Loans

    We've designed our Cash Advance application to be as straightforward as possible, so in most instances you can access the funds you need without delay.

© 2024 Speedy Cash. All Rights Reserved.

Loan Products: Subject to state regulations, eligibility, credit check, underwriting & approval, and meet state database eligibility, where required based on type of lending product requested. All products are not available at all locations. Rates, terms and conditions apply. See associate for details. Lending decisions and funding times subject to system limitations. Some applications may require additional verification, which can delay the lending decision.

Non-Loan Store Services: Rules, restrictions, and fees apply. See store for details.

Short term loans should be used for short-term financial needs and not as a long-term financial solution. Customers with credit difficulties should seek credit counseling.

The credit decision on your application may be based in whole or in part on information obtained from a national database including, but not limited to, TransUnion, Equifax, LexisNexis or FactorTrust, Inc.

†Instant funding is not applicable for all debit cards and is not available in Ohio, Oklahoma, Oregon, or South Carolina. Subject to system limitations. Some restrictions may apply.

∞Cash advances only available up to approved credit limit; some restrictions may apply.

Green Dot: Must be 18 or older to open an account. Online access, mobile number verification (via text message) and identity verification (including SSN) are required to open and use your account. Mobile number verification, email address verification and mobile app are required to access all features.

1. Early direct deposit availability depends on payor type, timing, payment instructions, and bank fraud prevention measures. As such, early direct deposit availability may vary from pay period to pay period. The name and Social Security number on file with your employer or benefits provider must match your Green Dot account to prevent fraud restrictions on the account.

2. Opt-in required. Account must be in good standing and chip-enabled debit card activated to opt-in. Initial and ongoing eligible direct deposits are required for overdraft coverage. Additional criteria may apply which can affect your eligibility and your overdraft coverage. Overdrafts are paid at our discretion. Overdraft fees may cause your account to be overdrawn by an amount that is greater than your overdraft coverage. A $15 fee may apply to each eligible purchase transaction that brings your account negative. Balance must be brought to at least $0 within 24 hours of authorization of the first transaction that overdraws your account to avoid a fee.

3. See app for free ATM locations. 1 free in-network withdrawal per calendar month. $3.00 per withdrawal thereafter. $3.00 for out-of-network withdrawals and $1.00 for balance inquiries, plus any fee the ATM owner may charge. Limits apply.

Green Dot® cards are issued by Green Dot Bank, Member FDIC, pursuant to a license from Visa U.S.A., Inc. Visa is a registered trademark of Visa International Service Association. And by Mastercard International Inc. Mastercard and the circles design are registered trademarks of Mastercard International Incorporated. Green Dot Bank also operates under the following registered trade names: GO2bank, GoBank and Bonneville Bank. All of these registered trade names are used by, and refer to, a single FDIC-insured bank, Green Dot Bank. Deposits under any of these trade names are deposits with Green Dot Bank and are aggregated for deposit insurance coverage up to the allowable limits. ©2023 Green Dot Bank. All rights reserved. Green Dot Corporation NMLS #914924; Green Dot Bank NMLS #908739

NOTICE: The Federal Equal Credit Opportunity Act prohibits creditors from discriminating against credit applicants on the basis of race, color, religion, national origin, sex, marital status, age (provided the applicant has the capacity to enter into a binding contract); because all or part of the applicant’s income derives from any public assistance program; or because the applicant has in good faith exercised any right under the Consumer Credit Protection Act. The Federal agency that administers compliance with this law concerning this creditor is the Consumer Financial Protection Bureau, 1700 G Street NW, Washington DC 20006 and the Federal Trade Commission, Equal Credit Opportunity, Washington DC 20580.

Alabama: Minimum age to apply in Alabama is 19.

California: Company is licensed by the California Department of Financial Protection and Innovation pursuant to California Deferred Deposit Transaction Law, Cal. Fin. Code §23000 et seq.

California: Compañía está autorizada por el Departamento de Protección e Innovación Financiera bajo la ley de Transacciones Depósito Diferidas de California, Cal. Fin. Código § 23000, et seq.

Customers who are California residents may request information from us to know what personal information we may collect, have, or maintain about them and what we do with it per the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). If you are a California resident and wish to make a request under CCPA or CPRA, click on the “Do Not Sell or Share My Personal Information” button or link.

Nevada: The use of check-cashing services, deferred deposit loan services, high-interest loan services or title loan services should be used for short-term financial needs only and not as a long-term financial solution. Customers with credit difficulties should seek credit counseling before entering into any loan transaction.

Oregon: Licensed by the Oregon Department of Consumer and Business Services to make Deferred Deposit Loans, NLMS Id. #0267-004-S.

Tennessee: The State of Tennessee requires a minimum principal reduction. In order to comply with the minimum state-required principal reduction, Speedy Cash requires that minimum payments include a principal reduction of 2% or $2.50 for Customers who get paid bi-weekly/twice-a-month, or 4% or $5 for Customers who get paid monthly, whichever is greater.

Texas: Speedy Cash operates as a Registered Credit Access Business (CAB). The actual Lender is an unaffiliated third party. Speedy Cash engages in the money transmission and/or currency exchange business as an authorized delegate of MoneyGram Payment Systems, Inc. under Chapter 151 of the Texas Finance Code. If you have a complaint, first contact MoneyGram Payment Systems, Inc. at 1-800-MONEYGRAM . If you still have an unresolved complaint regarding the company’s money transmission or currency exchange activity, please direct your complaint to the Texas Department of Banking: 2601 North Lamar Boulevard, Austin, TX 78705-4294, 1-877-276-5554 (toll free), www.dob.texas.gov.