Avoiding Social Engineering Scams: How to Spot Hackers Knocking at Your Digital Door

By Lara Evans Bracciante

To help ABMP members stay safe in the digital world, we are running a short blog series on cybersecurity and how you can protect your personal information and your computer and digital devices from today’s bad actors. Here is the first installment on social engineering scams.

Google and Facebook lost $100 million when payments for services were repeatedly sent to a hacker account. Username and password credentials were stolen from employees at the US Department of Labor, compromising sensitive data. Microsoft sounded the alarm when Russian hackers targeted individuals at organizations critical to Ukrainian security and emergency response. And massage therapists have repeatedly been the target of “reimburse for overpayment” scams and fake invoicing for website hosting. In all these cases, the bad actors were targeting individuals, asking them to make one wrong move and let them through the door.

Cybersecurity has become a mainstream word, and we all generally know what it means: information protection on our computers and devices. And while success requires a multipronged approach—updated software, firewall protection, strong passwords—it is also critical to protect yourself from a thing called social engineering.

What is Social Engineering?

Social engineering is a fancy phrase for getting someone to click on a link or take an action that will compromise security. And while we’ve gotten pretty good at spotting the “Nigerian prince” email scam, social engineering includes a variety of techniques, some of which are now quite sophisticated. They can come via email, text messaging, app messaging, or over the phone. And they are happening all the time, and pretty much to everyone.

The basic concept is this: a message is sent to you urging action, such as clicking a link, downloading a file, or updating your online credentials. The sender may be sending this en masse or may have targeted you or your business specifically. They may even pretend to be your bank, your boss, or an employee in human resources or accounting. Ultimately, they are looking for you to make a mistake that could compromise your private information and/or infect your computer or digital device with a virus. Check out these specific phishing examples from KnowBe4, an organization offering online security training.

But if you stay aware, you will find tell-tale signs within scam messages that give them away, and you can simply choose to not open the door when the hacker knocks.

Tips to Protect Yourself from Social Engineering

Here’s what to look for:

  • When receiving an email, mouse over the sender’s name and see what actual email address is behind the name. For example, the name may read John Smith (your manager) but hovering over the name reveals the email address as 235jasper@gmail.com (not your manager’s email).
  • Also, when checking the full email address, verify the domain (the last part of the email address, after the @) and ensure it’s not a close fake; jsmith@national.bank.com is not the same as jsmith@nationalbank.com. That single period makes all the difference.
  • Check the subject line. Is it relevant to the content? If not, this is a big red flag.
  • Does the subject line or content connote urgency? For example, check to see if the subject line is attention-getting but vague (“Very Important”) or the content asks for immediate help (“I am stuck at the airport and need some cash”). Chances are, this is not legit.
  • Mouse over any links in the content and verify the authenticity of the website address. If there’s any question, don’t click.
  • Never click on or download an attachment unless you are absolutely certain it’s coming from a safe sender, and you are expecting it. Not sure? Pick up the phone and call the sender to verify.
  • Question any phone or email requests from “the IT department” or “accounting” asking for computer access, account credentials, or other sensitive information. It is unlikely that such a request is ever necessary.
  • Remain skeptical. Would the CFO really send you an email from the airport asking you to quickly wire money to a client he forgot to pay? If there’s any doubt, make a call to verify the request. Your boss, bank, or client will appreciate your savviness.
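The first two checks in this list (display name versus real address, and near-miss domains) can also be automated by a mail administrator. The Python sketch below is an added example, not part of the original article or any ABMP tooling; the contact list and trusted-domain set are constructed sample data built from the addresses used in the tips above.

```python
from email.utils import parseaddr

# Constructed sample data: who the recipient really corresponds with.
KNOWN_CONTACTS = {"john smith": "jsmith@nationalbank.com"}
TRUSTED_DOMAINS = {"nationalbank.com"}


def _squash(domain):
    """Drop separators so 'national.bank.com' and 'nationalbank.com' compare equal."""
    return domain.replace(".", "").replace("-", "")


def _one_edit_apart(a, b):
    """True if a and b differ by one inserted, deleted or substituted character."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    # Same length: skip the differing character in both (substitution).
    # Different length: skip the extra character in the longer string only.
    return a[i + (len(a) == len(b)):] == b[i + 1:]


def check_sender(from_header):
    """Return a list of warnings for one From: header value."""
    display, address = parseaddr(from_header)
    address = address.lower()
    domain = address.rpartition("@")[2]
    warnings = []

    # Check 1: a familiar display name in front of an unfamiliar address.
    expected = KNOWN_CONTACTS.get(display.strip().lower())
    if expected and address != expected:
        warnings.append(f"display name '{display}' normally uses {expected}, not {address}")

    # Check 2: a domain that is not trusted but looks almost like one that is.
    if domain not in TRUSTED_DOMAINS:
        for trusted in TRUSTED_DOMAINS:
            if _squash(domain) == _squash(trusted) or _one_edit_apart(domain, trusted):
                warnings.append(f"domain {domain} imitates {trusted}")
    return warnings


if __name__ == "__main__":
    for header in ("John Smith <235jasper@gmail.com>", "jsmith@national.bank.com"):
        print(header, "->", check_sender(header))
```

A filter like this only catches the patterns it is given, so it complements the manual checks in the list rather than replacing them.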

Social engineering is widespread, and everyone is at risk. Be wary, keep your guard up, slow down, and check twice. The extra seconds to do so could make all the difference.

author bio

Lara Evans Bracciante is ABMP’s senior director of Information Technology & Member Service Operations.
