Post by drcard on Jul 26, 2015 9:19:25 GMT -5
Hi All,
I hope most readers find what I wrote redundant, but for those that don’t this info may save their bacon.
To find the best security software there is, take your hands and place them on your ears. You now have the best security software in your hands. That’s right, YOU are the best security software and unless you want to charge yourself, it’s free. How can this be true when you think that you know very little about security? Well, you know way more than you think and all you have to do to put it into use is to think before you act.
The security I speak of encompasses your whole world and not just your PC. Sadly, there are people out there that have decided that the best way to make a living is to take from other people. I wish we could “fix” these misguided souls and solve the root cause of this problem, but I’m afraid the best any of us will be able to do is prevent us from being one that they took from.
Most, if not all, security threats that are directed at an individual rely totally on social engineering. Yes, there are security threats out there that do not rely on any social engineering; but such threats are so difficult and time-consuming to do that they are only used when the “prize” is large such as a company. A hacker is not going to spend $1,500 and two months’ time to hack your bank account for $500. A hacker would rather spend $200 and a couple hours to send out a threat to a large number of people that totally depends on social engineering and hope that the social engineering will do the work for them.
What is social engineering? Social engineering is the first response the majority of people will take in a situation. Example: When we are talking to someone and they look away from us. The most common reaction is to look where they are looking. That act of looking where someone else is looking is a social engineering reaction. I used that social engineering for this post by the title I selected as another example of social engineering. You decided to read this post because you thought that I was going to post a link for the best free security software.
How do hackers use social engineering? Most people are secure and a hacker needs your help to take from you. A hacker uses a social engineering response to get you to “open the door” so they can take what they want. A common social engineering response is curiosity where you take an action you would normally not do, but because you want to know you take that action anyway. Example: an email with a virus attachment labeled “lost pictures of George Washington” or any title that would spike your curiosity to open it even though you know that you shouldn’t open email attachments from an unknown sender. Another example is calling and telling you that your PC is infected and lying to you that they are representing a company that you would trust. Your curiosity of what is wrong with your PC makes you willing to pay to find out. I could fill pages with examples of scams and cons that are based upon curiosity and social engineering. You do not need to learn about each and every different kind of scam and con based on this social engineering, but rather learn to recognize the common thread to all of these scams and cons that indicate it is a scam or con.
What are the common threads that indicate a scam or con?
1) They contact you – All these scams and cons start with the scammer contacting you. This includes emails, web sites, phone calls, snail mail, and in person. When this happens take time to think “Do I know them?” and “Why are they contacting me?”. Another important question to ask yourself is “If it appears to be someone I know, is this how they usually contact me?”. If you don’t know them or if it appears to be someone you know that is contacting you very differently than they usually do; then the answer to why they are contacting you is that they want something from you. If you respond or continue with the contact just keep in mind that they want something from you. How they would normally contact you is a big giveaway that it is a scam or con. The IRS does not call you on the phone to tell you that you owe them money.
2) They require you to do something – In order for these scams and cons to work they require you to take some action to “open the door” for them. What they ask you to do will seem simple such as clicking a link or giving information that you know by heart. The more simple the task you have to do, the more likely you will do it without even thinking about it. Ever have a legitimate transaction that you completed with a single click or reciting your 9-digit US identification number? It doesn’t happen. The simpler the task you are asked to do, the more likely that the task is the key component for a scam on you.
3) It’s the first time – People really are not stupid, so a scam and con only works one time on a person as the person doesn’t fall for that same scam the next time. That means the scams and cons you need to be on the lookout for are ones you have never seen before. These “new” scams will be based upon some new spin to get you to “open the door”. That means you should be very leery when the message (email, link, phone call, etc.) is something you have never heard of before. Legitimate changes in contact with you will be announced before they are enacted. For example: If Microsoft was really going to monitor everybody’s PCs and call them when they are detected as infected or malfunctioning, then there would have been a large promotion about this new service so everyone would know about it before it started. If you haven’t heard about it, then it’s most likely a scam or con. A simple lookup on Google can remedy any doubts.
4) Immediate response – Scams and cons are based upon getting you to think a particular way so the social engineering response will feel natural and done without you thinking about it. Much like some car salesperson that tries to convince you that you need to make the purchase today… so you won’t have too much time to think about the deal and find out that it really isn’t such a good deal. No legitimate transaction that you are now hearing of for the first time and is “so important” requires an immediate response. An old saying applies well… haste does make waste.
5) Questions unanswered – Since scams and cons work by getting you to think a particular way, any deviation from this process can “bust” the scam. Deviation from the scam message is the best way to expose it for what it really is and stop it before it gets started. How do you deviate from the scam message? Interrupt and ask questions. Example: “I’m sorry, but who are you with and how did you get this number? When did Microsoft start calling people at home and how do you know my system is infected?” Or ask questions when there is no one to answer. Example: “Why would my brother send me an attachment with a message to ‘check this out’ since he has never sent an attachment to me without an explanation of what it was?” If it appears different than what you have seen before, ask questions and when you don’t get a reasonable answer then leave it alone. If it is real and “important” you’ll get the message again.
Thinking before acting has always been and still is the best way to prevent bad things from happening to you. No security software in the world can protect you from you.