Module 3: Social Engineering & Online Scams
What is Social Engineering?
Social engineering is when hackers trick people into giving away sensitive information instead of hacking computers directly. They use human emotions like trust, fear, and urgency to manipulate people.
Social engineering can happen in person, over the phone, through email, or even on social media.
Common Types of Social Engineering Attacks
1. Pretexting (Fake Stories to Gain Trust)
- The attacker pretends to be someone trustworthy like a co-worker, bank employee, or police officer.
- They create a convincing story to get victims to share private information.
- Example: A scammer calls pretending to be from IT support and asks for your password to “fix an issue.”
 
How to Stay Safe:
✅ Always verify the identity of anyone asking for sensitive information.
✅ Call back using official phone numbers instead of numbers they provide.
2. Phishing (Fake Emails & Messages)
- Attackers send fake emails, texts, or messages pretending to be from a trusted source.
- These messages often include malicious links or attachments to steal login credentials or install malware.
- Example: An email that looks like it’s from your bank asking you to “verify your account” by clicking a suspicious link.
 
How to Stay Safe:
✅ Never click on links or open attachments from unknown senders.
✅ Look for red flags like misspelled words and urgent requests.
3. Vishing (Voice Phishing Calls)
- Scammers call and pretend to be tech support, government officials, or bank representatives.
- They use fear tactics to get you to reveal personal details.
- Example: A scammer calls claiming to be from the CRA (Canada Revenue Agency) and demands you pay “unpaid taxes” immediately.
 
How to Stay Safe:
✅ Hang up and call the real organization directly using an official phone number.
✅ Never share personal details over the phone unless you initiated the call.
4. Smishing (SMS/Text Message Scams)
- Attackers send fake text messages pretending to be from a bank, delivery service, or government agency.
- The message often includes a malicious link to steal your information.
- Example: A text says, “Your package delivery is delayed. Click this link to reschedule.”
 
How to Stay Safe:
✅ Do not click on links from unknown numbers.
✅ Verify messages directly on the company’s official website.
5. Baiting (Fake Offers to Trick You)
- Attackers offer something tempting (like free music, movies, or USB drives) to make you install malware.
- Example: A fake website offers a “free movie download,” but the file actually contains a virus.
 
How to Stay Safe:
✅ Avoid free downloads from unknown websites.
✅ Never plug unfamiliar USB drives into your computer.
6. Tailgating (Physical Security Trick)
- An attacker follows someone into a secure area without proper authorization.
- Example: Someone pretends to be a delivery worker and asks to be let into an office building.
 
How to Stay Safe:
✅ Always ask for ID before allowing strangers into secure areas.
✅ Do not hold the door open for unknown individuals in restricted areas.