Jeff | 
05 22nd, 2009| 
A while ago I wrote about some of the fake antivirus pop-ups and rogue programs that cause many of the computer problems that we see. This post is very closely related, but more generalized. Social engineering is, in short, a means to get people to do something they wouldn’t otherwise do….such as install a virus onto their computer, or send banking information to a complete stranger.
One of the latest examples of social engineering that I’ve run across is an e-mail, falsely saying that your antivirus subscription has expired. If you don’t know how to check, you may think nothing of the e-mail and follow the link. Unfortunately, the end result is that you’ve just clicked a link to infect your computer.
Dear (insert email address here),
You are receiving this message to let you know that your antivirus is outdated.
We request that you execute a full system scan at your earliest convenience by clicking on this link.< hXXp://nonce.IaV8QJP.fullhourinternet.com/scan/>
Non compliance may result in possible fraud on your credit cards, data loss, as well as spyware infection
Kind Regards,
Liz
Antivirus Customer Service #77
The more official the e-mail, or message, looks the more likely people are to believe it. Often the scammers will use very official looking images. Sometimes the message will try to look like an official message from a bank or credit card, antivirus software, or other online services.
Generally, social engineering as a whole is too broad a problem to give specific examples on how to avoid becoming a victim. Some things to remember, though; Almost every online service WILL NOT ask for your password through e-mail. Unless you specifically request it, your bank or credit card company will not communicate through e-mail. If you do have online accounts, and you’re suspicious, don’t follow the links in the e-mail; Go to the website directly.
A very handy tool, to help prevent scam attempts, is WebOfTrust. With this browser add-on, you will be warned if the website you’re viewing is potentially dangerous before visiting. Combined it with Firefox’s already built in ability to check attack sites, and cautious surfing, you’re much less likely to find yourself a victim of a social engineering scam.