Human Engineering
Forget about what you see in movies and on TV.
The primary culprit for all of the hacking, scamming, ransomware, and other criminal activities from threat actors is not super smart technical folks writing code at a thousand miles per hour. Rather it’s someone, almost always in another country, luring the victim in with an emotional crisis. It can be trading on loneliness, fear or a grandparent’s love. Stopping these attacks doesn’t involve technology so much as common sense. Here are some tips for recognizing these encounters:
Don’t open attachments from unknown senders. Be careful with known senders if anything appears unusual.
Don’t click links from unknown senders. Even if it is your bank or another trusted agency, enter the URL yourself.
Learn techniques for how to spot false links such as hovering over links to show the URL (do not rely on what displays in the text).
Never reveal your user name or password to a caller. Real customer service does not need to know that.
You can’t use gift cards to pay government fines.
The IRS will not call you to have you pay taxes.
Anything that is portrayed as particularly urgent, should automatically raise a red flag.