Social engineering: A guide to staying safe
By: Shell Energy
27 Apr 2021
Privacy issues are important to UK consumers. And they should be - so much of our personal data is stored online.
In fact, two thirds of consumers in the UK are more alarmed than ever about their privacy according to the NortonLifeLock Cyber Safety Insights Report, with the top fear being cybercriminals exposing their personal information.
One way that hackers access information is through social engineering such as phishing emails. It's estimated that one in every 3,722 emails is a phishing attempt and that phishing emails cost UK businesses almost £7 billion. Criminals use these underhand tactics as it’s usually easier to exploit a person’s natural inclination to trust, and attempt to fool you into sharing your password, than it is to find new ways to hack your software.
But what exactly is social engineering, and how can you protect yourself against it? Let's take a closer look.
What is social engineering?
According to Steve Wilson, Director of EMEA North at NortonLifelock, social engineering is when "someone gets psychologically manipulated into either performing a specific action and/or into divulging confidential information."
For example, you may receive what is known as a phishing email with a tempting offer that sends you to a fake website that asks for personal information to be entered before you can claim the deal.
Although the email and website may look plausible at first, it has been socially engineered to appear that way. "Cybercriminals make use of the information you give," Wilson adds, "or use the website to place malware on your computer for further attacks."
How to spot a phishing email
Cybercriminals use a variety of phishing emails to trick consumers. As a general rule, Wilson recommends that you should "be wary of any messages that ask you to fill out a form or provide any personal information."
Here are some of the most common examples found in online shopping:
- Click and receive: this type of message asks you to complete a form or provide personal information to claim a package. As a general rule, if you're not expecting a package, it's best to ignore these emails.
- Offer alert: this is an email with a link to a website where you can claim a fantastic offer or free gift. Usually, if it sounds too good to be true, that's because it is. Both the email and website are malicious.
- Fake refunds: these emails claim that you're due a refund for an online purchase. They may look legitimate with a brand name you know but will send you to a site that will steal your data or expose your device to malware.
On closer inspection, phishing emails usually have tell-tale signs that something's not quite right. For instance, the branding may differ from what you're used to, or the company might be completely made up. There may also be spelling mistakes in the email wording or pictures that don't load correctly.
"If you’ve never heard of the company or if the known company’s logo looks slightly different in some way, get out of there," is the advice from Wilson.
You can also hover over the hyperlink it's asking you to click on to see the true destination it will send you to if you click on it. If the address looks suspicious, send the email to the bin.
Other examples of social engineering
Unfortunately, email isn't the only social channel cybercriminals use. You should also be wary of text messages that ask you to share sensitive information. If you receive a text message claiming to be from a company you have never used, it's best to ignore it.
If the text purports to be from a brand you're connected with (such as a bank), to be safe check directly with that company using their publicly listed contact details rather than replying to the text or calling the number listed.
As well as text phishing, be alert for vishing, which is where you receive an unsolicited phone call. To ensure you don't pass information on to a scammer, ask what company they're with, then hang up and contact that company using the number on their website.
Fake websites are another socially engineered nuisance. "Phoney shopping sites can be hard to tell apart from the genuine ones, and even legitimate sites can be hijacked," according to NortonLifelock’s Steve Wilson.
"These fake sites often rely on shoppers mistyping the genuine web addresses of popular websites or clicking on messages from phoney vendors who have a similar address, so slow down and check what you’ve clicked or typed. Otherwise, you could end up viewing unsavoury content or infecting your device with malware."
For more advice on how to tell if a website is safe to use and top tips for making safe online payments, check out our guides on to how to shop safely online, how to create a safe password, and how to protect yourself from computer viruses.
Stay safe with antivirus software
Installing antivirus software on your devices helps protect against viruses and makes you less susceptible to cyber threats.
Software such as Norton™ 360 Deluxe 5 Devices offers powerful protection against evolving cyberthreats to your devices and online privacy, and can protect up to 5 PCs, Mac®, smartphones or tablets in a single solution. You’ll be able to bank, shop and browse online worry-free knowing that your devices are protected. And you can buy it through the Shell Energy Shop.