DECEMBER 2012: We hear about online and email scams all the time, but what about scams that involve a living, breathing person trying to get your information? Can you spot a scammer when you see one?
Even tech-savvy frogs like you can fall victim to clever “social engineering” schemes that seem innocent.
Here are three examples to boost your super-duper, scam-thwarting skills:
A man walks into your reception area at work wearing a suit and carrying a briefcase. He greets you gleefully and says an HR associate whom he mentions by name told him to drop off a resume for the open xyz position. The only problem, he says, is that on his way over he dropped his daughter off at school and she spilled his coffee on his resume when she leaned over to give him a hug goodbye. With a coffee-stained folder in hand, he asks if you wouldn’t mind printing out another copy of the file named “resume.pdf” from his USB stick.
The Play: Gain access to your company’s network by uploading remote access software. There are dozens of variations of the coffee-stain guy, all counting on you to behave like the kind-hearted frog you are.
The Block: Don’t put flash drives that aren’t yours into a USB port. Instead, offer to walk him over to HR.
Your friend uploads a resume to Monster.com or another job posting site. Within a few days, he gets a call from someone in an HR department who thinks he’s a good candidate. The caller shares details about the position and the associated benefits package, which includes vacation time, full coverage for medical and dental insurance, and more. She only needs one more piece of information before she can set up your friend’s interview — a Social Security Number (SSN) for a routine background check or his bank account number to make sure the company can send his paychecks via direct deposit.
The Play: Steal your friend’s identity, money or both. Unfortunately, while job-posting sites usually do what they can to make their sites safe, some responsibility still falls on the shoulders of job-seekers, who can be easy to entice.
The Block: Confirm the company’s legitimacy and then call the HR person back using the company’s main line and asking for her by name. Unless you initiate the call or are absolutely certain who you’re talking to, never give out your SSN, bank account numbers, credit card account numbers, driver’s license number or passwords.
You’re in line at a crowded coffee shop. The guy behind you seems a little too close, but he’s clicking away on his smartphone and it’s a bit chaotic, so you let it slide. When it’s your turn, you swipe your debit card, enter your PIN and move to the pick-up line to grab your latte with an extra shot of espresso.
The Play: “Shoulder surfing” to get your PIN or other personal information. Smartphones take awesome pictures and videos, so your privacy out in public is a thing of the past.
The Block: Cover keypads and your own keyboard whenever you enter account data, usernames and PINs. Also, sit with your back toward a wall when working online out in public, if possible. Scammers also use hidden cameras and binoculars, so even if it seems no one is near, cover up anyway!