Teach Cyber 2020 logo
DECEMBER 02, 2020

The Teach Cyber Byte

In this week's Byte, we define the term "Social Engineering" and offer reminders on how to stay safe during the online shopping season.

"Social Engineering"


It's that time of year again! Shopping online? Chances are, with the increased move to online shopping because of COVID-19, you or someone you know is shopping online and hunting for bargains. Don’t let those online “steals” steal away your information and credentials! Be a wary shopper and keep an eye out for social engineering.
Social engineering involves tricking people into breaking security practices (e.g., opening a scam email, clicking suspicious links, downloading malicious files, or giving out confidential information like credit card numbers or log-in credentials). Social engineering attacks are used for two primary purposes: to disrupt or to steal high-value information.

Social engineering exploits human psychology and uses the Principles of Persuasion to manipulate users into performing an action. These principles are: reciprocity, scarcity, authority, consistency, liking, and consensus.
One common type of social engineering is phishing (a play on the word "fishing"). Phishing is a cybercrime in which an attacker poses as a legitimate person/institution and contacts a target electronically (e.g., via email, phone call, or text). The goal of phishing is to get the target to voluntarily give up sensitive information.
So, what social engineering tactics should you look out for when shopping online? If a deal seems too good to be true, it probably is! Be wary of deeply discounted offers for popular products (including electronics), especially if the offer is "limited time" and encourages you to act fast. Also, be wary of offers from unknown sellers, or of a site asking for address and payment information for a drawing entry. These social engineering tactics use the scarcity and urgency Principles of Persuasion to convince people to willingly hand over personal and payment information.
In this busy online ordering season, it can be easy to lose track of packages. Watch out for suspicious emails or texts about package delivery. They could contain links to fake login pages for Amazon, FedEx, UPS, USPS, etc. These emails/texts can appear legitimate, and attackers may text or email you more than once. These tactics use the authority and consistency Principles of Persuasion to convince people to willingly give up log-in credentials.
Captured log-in credentials can be resold by hackers, enabling the buyer to gain access to the compromised account and/or to other, non-related accounts (i.e., if the user has the same log-in credentials for multiple accounts, or if a compromised email account allows password resets for other accounts the user owns).

When you get a text or email containing a link, don’t just click that link! Navigate to the site in question by typing the address into the URL bar or by searching through a reputable search engine. Log in and search for messages on the account itself. Still not sure? Call the company's customer service number, as listed on its official website.
Explore social engineering and the Principles of Persuasion in the "Intro to the Challenge of Cybersecurity" course, Unit 4, Lesson 9 (free to registered users). Students explore social engineering and phishing through the “Phishing Quiz” activity.

In Unit 4, students delve deep into the technical aspects of cybersecurity including data states and data controls, vulnerabilities and exploits in software, hardware, networks, cyber-physical systems, and human use of data. Students in this unit gain both theoretical understanding and practical, hands-on experience of cybersecurity as a complex set of systems, networks, and human interaction vulnerable to many exploits that require protection.

More information about social engineering can be found at the following resource:

Puig, A. (2020, February 20). Is that text message about your FedEx package really a scam? U.S. Federal Trade Commission. https://www.consumer.ftc.gov/blog/2020/02/text-message-about-your-fedex-package-really-scam