A Field Guide to Social Engineering Cyber Scams
This article by Robert E. Braun of Jeffer Mangels Butler & Mitchell LLP (posted at http://www.mondaq.com/article.asp?articleid=719162&email_access=on&chk=2259918&q=1540756) provides a guide to scams used to gain access to personal and business information. Some of these terms are well known; others are unfamiliar. All of them are threats to anyone who uses a computer.
Phishing is a common term for emails, texts and other forms of social messages designed to trick victims into providing sensitive information. Many pose as legitimate entities asking for required information. “Spear phishing” is a more targeted version aimed at specific individuals or small groups.
Pretexting is a scam in which the perpetrator assumes the identity of a vendor, supplier or IT professional the victim can trust in order to lure them into providing desired information.
Baiting is luring a victim by offering a software update or other “improvement” which is actually malicious.
Quid pro quo is an offer of a service in exchange for information.
A watering hole is an injection of malicious code into public web pages of a targeted site.
Whaling is a combination of phishing and watering hole attacks targeting high-level executives with seemingly legitimate requests.
Tailgating is unauthorized entry following an authorized entrant.
The best way to counter these threats is to be suspicious of all unexpected messages, including phone calls, from unfamiliar sources. Any request for money or information must be verified without using the email address or telephone number of the sender. Be especially suspicious of messages from sources outside the United States if you don’t know the sender’s identity. Report all suspicious messages to your IT professional.