A social engineering attack is when
someone tries to trick you into doing something dangerous. Like downloading
malicious software or sharing personal information, such as user name
and password or your credit card details. How to identify social engineering emails.
Social engineering attacks typically happen through email, ads, or on websites
that look similar to sites you already use. Social engineering emails look like
they’re from a legitimate source, such as your bank or Google, but they’re not. Never send personal information over
email unless you’re absolutely sure who you’re sending it to. Don’t use the reply
address in the message since it can be forged. Instead, visit the official
website of the company in question and find a different contact address.
Legitimate sites, like Google or your bank, will never send unsolicited
messages asking for your password or financial details. If you are getting an email asking for this information be
suspicious and don’t download any attachments unless you are sure of
their origin. How to avoid social engineering attacks on the web. A website cannot detect if your machine
is compromised. If the site says you have a security issue or infection and ask
you to download software, be sure to download the software from a reputable
download source. When visiting a web page pay close attention to the page’s URL.
Attackers will often make this URL look similar to a genuine site. Before you
enter any personal information on a web page check the URL to make sure it
starts with HTTPS. The S indicates that the connection is
encrypted and secure. Look for browser warnings. Some browsers, like Google
Chrome, will warn you if the site you’re trying to visit is suspected of social
engineering or malware. Pay attention to these warnings and think twice before
entering personal information. For more tips on how to protect yourself from
social engineering attacks, visit the Google Safety Center.