Social engineering is the psychological manipulation of the natural human tendency to trust. People inherently want to be helpful, so some con artists assume a level of credibility with you to gain access to information that seems harmless but is actually very important.
What usually happens is people hear a professional sounding voice on the phone or see a seemingly trustworthy email, and then scammers use that and other psychological tricks to con people into opening malicious files or sharing critical information.
At VMS we advise our team to be suspicious of unsolicited calls or emails looking for information, such as:
- Emails looking for names of our team members. For example: “I need the names of your engineers for the company sweatshirt order…”
- People you do not recognize claiming to know you and asking for help. For example: “We met at a conference, can you please look at my paper and give me some insights?”
- Emails from authority type institutions such the IRS, federal courts, etc.
- Pushy people calling you and asking you to take immediate action on a previously unknown issue.
- Social media invitations from people you do not know.
Remember that social engineering cannot be blocked by technology alone. We all must be on the lookout for potential threats.