Understanding how social engineering works in cyber scams – three tactics to watch out for

In partnership with the Canadian Bankers Association.

Staying cyber safe means knowing who to trust online. Even the strongest security systems can be vulnerable when people are tricked into giving away sensitive information like login credentials or account details.

Cyber criminals often use scams to scare, confuse or rush you into taking some sort of action through a process known as social engineering. Social engineering presents realistic messages with urgent requests to trick us into giving away our personal information that scammers can use to commit financial fraud. But these tactics are easy to spot when you know what to look for!

Three social engineering tactics to watch out for

  • Fear as a motivator. Scams that use fear as a motivator often involve threatening or intimidating emails, phone calls and texts that appear to come from an authority figure, such as a police officer, the tax department or a bank. Cyber criminals hope to scare you into giving them your personal information or money.

Transcript - Using Fear as a Motivator

Spot the Social Engineering Tactic and Stay Safe Online

Using Fear as a Motivator

You receive scary emails, calls and texts that try to get your personal info or money.

(Dialogue bubbles appear from a laptop with an email message on screen, and a phone with text messages on screen)

On-screen text: You have 72 hours
On-screen text: You've been hacked!
On-screen text: Sign in at...
On-screen text: Confirm your information!

(A text message appears on a phone)

On-screen text: We cannot verify your identity at this time. Your information needs to be updated. Mandatory action is required.
On-screen text: Click the link below to update your CRA profile: www.cra-info-link.com

They may even claim to be a law enforcement, Revenue Canada, or government agency representative.

(Screen turns red with exclamation mark in a yellow triangle, with text Stay Safe.)

Stay Safe.

  • Be suspicious of threatening requests for sensitive information or money.
  • Verify a request by calling the person or organization back using a known number.

Association des banquiers canadiens
Canadian Bankers Association

Learn more at cba.ca/social-engineering

  • Urgent requests. Scams that use the tactic of an “urgent” request can involve suspicious emails, texts or phone calls that demand that you act quickly or there will be consequences. For example, the suspicious message might say that your bank account will be closed or that you’ll lose out on a deal.

Transcript - Urgent requests

Spot the Social Engineering Tactic and Stay Safe Online

Urgent requests

You receive emails, calls and texts that include urgent requests for personal information or money.

(Dialogue bubbles appear from a phone with text messages on screen, and a laptop with an email message on screen)

On-screen text: Urgent! Click here
On-screen text: Verify your details!
On-screen text: Password at risk
On-screen text: Action required!

(The following text message appears on a phone screen)

Frm: YourBank@MessageAlert
Subj: Alert
Msg: Alert,Money Alert
Action Required
www.yourbank-alert.com
If action is not taken your account will be closed in 72 hours.

The request may include threats of consequences if you don't respond in time.

(Screen turns red with exclamation mark in a yellow triangle, with text Stay Safe.)

Stay Safe.

  • Slow down and don't let messages of urgency influence you.
  • Review details carefully and research the facts before you take action.

Association des banquiers canadiens
Canadian Bankers Association

Learn more at cba.ca/social-engineering

  • Irresistible opportunities. Some scams offer opportunities that are too good to be true. They are designed to trick you into providing sensitive information or downloading malware onto your device. Watch out for offers for free access to an app, game or program in exchange for login credentials. Other common scams include lottery or prize winnings or information about a lucrative job opportunity.

Transcript - Irresistible Opportunities

Spot the Social Engineering Tactic and Stay Safe Online

Irresistible Opportunities

You get an offer for free access to an app, game or program in exchange for login credentials.

(A phone with a message from "Your Bank" appears on screen)

On-screen text: Claim your reward now!

Subject: Claim your reward now!
From: Your Bank (mail@yuorbank.com)
To: You
Congratulations,
Log in below to redeem your prize:
sfie89.pw/jh898hHs

Or an offer about a lucrative job opportunity or a proposal to split a lottery win

Subject: Lucrative Job Offer
From: ABC Company abccompany@gmail.com
To: You
Dear Sir/Madam
Click the link below to schedule a time for your interview:
kdue60.pw/JdpF72

(Screen turns red with exclamation mark in a yellow triangle, with text Stay Safe.)

Stay Safe.

  • Be wary of downloading free apps, files or programs. They could contain malicious code.
  • Never share your login credentials or respond to too-good-to-be-true offers.

Association des banquiers canadiens
Canadian Bankers Association

Learn more at cba.ca/social-engineering

How to protect yourself

  • Slow down and don’t let messages of urgency influence you. Always take the time to review the details carefully and research the facts before you take any action.
  • Be suspicious of requests for your personal information. Your bank will never send you an email or call you on the phone asking you to disclose personal information such as your password, credit card number or your mother’s maiden name. Learn how to spot a phishing scam.
  • Limit what you share online. You probably know that you should be careful sharing personal details about yourself, like your home address or phone number, online. Seemingly innocent information, like the name of your first pet, can also be used to steal your data.
  • Install anti-virus, anti-spyware and firewalls purchased from trusted retailers or suppliers. Turn on automatic software updates when they are available in order to protect your devices against malware.
  • Be wary of downloading free apps, files, programs, software or screensavers. Malicious code, like spyware (that secretly monitors what you do online) and keystroke loggers (that secretly track what you’re typing) can be hidden within the download and used to steal your personal information, such as login credentials.
  • Use different passwords for each account. Using the same password for multiple accounts can lead to hacks across multiple platforms. Using a unique password for each of your accounts may seem like a lot of work, but it’s worth the effort to keep your information safe from cyber criminals. Use a password manager to store login data for all your accounts, so you can access them easily with just one primary password. Just make sure the primary password is your strongest one!

Sign up for the CBA’s free fraud prevention newsletter to learn about the latest scams, download your copy of the CBA’s Cyber Security Toolkit for Consumers (created in partnership with the Government of Canada’s Get Cyber Safe campaign), and review Get Cyber Safe’s infographic on social engineering.
