Date: 2020-05-05

Email scams have been around forever. Anyone with an email address has been contacted by the son of a deposed Nigerian king or a dying woman in Germany who is gifting her vast fortune to strangers on the internet.
Most of us have learned to avoid such scams, although according to a report from CNBC, Nigerian Prince scams still manage to bring in over $700,000 a year from unsuspecting internet users.
But, like all things, internet scams have evolved over the years. Modern phishing emails can sometimes be indistinguishable from legitimate emails. Earlier this week my editor received an email that appeared to be from a legitimate company claiming that the paper had used a copyrighted photo in one of our stories, complete with a link to the story and a photo.
Her first reaction was a mild panic, thinking that somewhere wires had been crossed and we had used the wrong photo. But after going back and double-checking, it was clear the photo we had used had been a free-use, courtesy photo. It was a stock image that appeared on dozens of other websites.
This email was a great example of social engineering, a phrase that has gained prominence in cyber security circles over the last few years. Last week, I talked about how we trade a modicum of privacy to live in a globally connected, always online world. Companies you’ve never heard of have built profiles about you, your likes and dislikes, the names of your friends and relatives and pets, to the point that they can tailor ads specifically toward your interests.
When that data is stolen, or collected by malicious actors, it can then be turned against you. This is where social engineering comes into play. Scammers use the information they have on you to target you on a personal level, often preying on your fears and concerns. It is a deceptive practice used to manipulate individuals and companies into divulging important data.
If my editor had replied to this scam, it likely wouldn’t have meant divulging important information the scammers were looking for. That’s how social engineering scams work. The paper was likely targeted based on publicly available information, and an email specifically playing on the fear that we had accidentally published a copyrighted image was constructed for us.
For individuals, these scams mainly come in the form of an official-looking email from your bank asking you to click a link to change your password. As a general rule, you should never input your bank information anywhere online other than your online banking account. But these emails usually look official and come with a dire warning that “your information has been compromised” and you need to change your password immediately.
For companies, these scams sometimes come in the form of a fake fax document that shows up in your email, or a notice of payment in a zip file, almost always marked urgent and almost always referencing an actual account. You should always be wary of any email that demands swift action and plays on your fears. When in doubt, always consult your company’s IT department.