How can I avoid becoming a victim of a social engineering scam?

Imagine that you receive an email with an urgent message asking you to verify your banking information by clicking on a link. Or perhaps you get an enticing text message claiming that you’ve won a free vacation to the destination of your choice — all you have to do is click on a link you were sent. In both scenarios, clicking on the link can accidentally result in revealing your sensitive personal and financial information to a cybercriminal.

In a social engineering scam, a cybercriminal psychologically manipulates victims into divulging sensitive information. Cybercriminals “engineer” believable scenarios designed to evoke an emotional response (curiosity, fear, empathy, or excitement) from their victims. As a result, people often react without thinking first due to curiosity or concern about the message that was sent. Since social engineering scams appear in many forms and appeal to a variety of emotions, they can be especially difficult to identify.

Fortunately, there are steps you can take to protect yourself from a social engineering scam:

  • If you receive a message conveying a sense of urgency, slow down and read it carefully before reacting. Don’t click on suspicious or unfamiliar links in emails, text messages, and instant messaging services.
  • Never download email attachments unless you can verify that the sender is legitimate. Similarly, don’t send money to an email that requests charitable help unless you can follow up directly with the organization.
  • Be wary of unsolicited messages. If you get an email or a text that asks you for financial information or passwords, do not reply, delete it.
  • Remember that social engineering scams can also be used over the phone. Use healthy skepticism when you receive phone calls that demand money or request sensitive personal and financial information.