Quiz #2:

Social engineering:
A peek behind the curtain

Cyber security awareness brought to you by the Canadian Bankers Association — Helping you stay cyber safe —

Cyber criminals often use human psychology and the art of manipulation to scare, confuse or rush you into opening a malicious link or attachment or into providing personal information through a process known as “social engineering.”

Social engineering tactics exploit our basic human urge to respond to urgent requests (especially requests from a person of authority), make a problem go away, or simply to be helpful to lure us into giving away information that can be used to commit financial fraud.

Major events such as public health emergencies, natural disasters and high‑profile elections, or even common occurrences such as the tax and holiday seasons, present ideal opportunities for fraudsters to take advantage of our anxiety and curiosity.

Often, but not always, criminals will also try to scare us into acting, by threatening us with consequences if we don’t respond.

Stay in the know!

The CBA publishes a regular Fraud Prevention Tip email newsletter. Sign up to learn about the latest frauds and scams.

How much do you know?

You receive a text with an offer for a lucrative job opportunity. You’ve been looking for a job recently, so it makes sense you’d get this text and this offer sounds great! You don’t need to worry that this is a scam.

True

Emails and texts that offer irresistible opportunities are very often scams. Be very skeptical.

False

Emails and texts that offer irresistible opportunities are very often scams. Be very skeptical.

Actually, that's incorrect.

That's right!

A member of your gaming community contacts you through the in-game chat to offer you free add-ons – just click the link! You should jump on this opportunity!

True

Suspicious links sent by text, through in‑game chats and by email can put malicious software on your device, steal your login details and passwords, and lead to personal information and your or your kids’ gaming assets being put up for sale. Don’t click that link.

False

Suspicious links sent by text, through in‑game chats and by email can put malicious software on your device, steal your login details and passwords, and lead to personal information and your or your kids’ gaming assets being put up for sale. Don’t click that link.

Actually, that's incorrect.

That's right!

When it comes to social engineering, scammers often use a common set of steps to launch a scam: research a common worry or method of attack, hook you with a believable story, extract your personal information or data and then exit the scam.

True

Cyber criminals will typically use a predictable cycle of steps when launching social engineering scams; although the types of scams may change, the lifecycle often stays the same. They will start by gathering the information they need to establish a relationship with their target. Once they’ve built a rapport with their target, they’ll extract personal information or money from their victim and quickly exit the relationship.

False

Cyber criminals will typically use a predictable cycle of steps when launching social engineering scams; although the types of scams may change, the lifecycle often stays the same. They will start by gathering the information they need to establish a relationship with their target. Once they’ve built a rapport with their target, they’ll extract personal information or money from their victim and quickly exit the relationship.

Actually, that's incorrect.

That's right!

Scammers will often use fear to motivate you to act on their scams. The use of threatening language in emails, texts and voicemails is a sure-fire way to spot a scam.

True

Sending threatening or intimidating emails, phone calls and texts that appear to come from an authority figure such as a police officer, the tax department or a bank is a common technique used by social engineers to scare you into acting on their demands for personal information or money.

False

Sending threatening or intimidating emails, phone calls and texts that appear to come from an authority figure such as a police officer, the tax department or a bank is a common technique used by social engineers to scare you into acting on their demands for personal information or money.

Actually, that's incorrect.

That's right!

The manager of your company sends you an email that includes their name and is addressed directly to you. They need you to urgently wire transfer a sum of money to a special account to pay an invoice for a project they are working on. You can feel confident that this is a legitimate request.

True

Sending threatening or intimidating emails, phone calls and texts that appear to come from an authority figure such as a police officer, the tax department or a bank is a common technique used by social engineers to scare you into acting on their demands for personal information or money.

False

Cyber criminals can do their research on your company, personalize and then send a very authentic looking email with a request for payment on an invoice or a wire-transfer to fund a project. Always be on your guard. Urgent requests are also a major red flag of a phishing scam.

Actually, that's incorrect.

That's right!

CBA Resources

1. How to identify and avoid social engineering cyber attacks

1. How to identify and avoid social engineering cyber attacks

https://cba.ca/social-engineering

2. Teach your kids how to avoid online scams

https://cba.ca/teach-your-kids-how-to-avoid-online-scams

3. Online employment and job scams - how to recognize the red flags

https://cba.ca/
online-employment-scams-how-to-recognize-the-red-flags

What banks are doing to protect you from frauds and scams

Banks take extensive steps to protect your money and personal information and provide a wide range of fraud prevention information for customers. It is important to remember that fraudulent e-mails, voicemails and texts sent out by criminals may look and sound like they come from banks or retailers, but they are scams and should be reported to the company being spoofed and deleted.

To report a fraudulent email, be sure to send the email as an attachment.

The voice of more than 60 domestic and foreign banks

The Canadian Bankers Association is the voice of more than 60 domestic and foreign banks operating in Canada and their 280,000 employees. It also to provides governments and others with a centralized contact to all banks on matters relating to banking in Canada. The CBA advocates for public policies that contribute to a sound, thriving banking system to ensure Canadians can succeed in their financial goals.

The Association promotes financial literacy to help Canadians make informed financial decisions and sponsors two financial literacy seminar programs: Your Money Students and Your Money Seniors.

The Association also works with banks and law enforcement to help protect customers against financial crime and promote fraud awareness.

Social engineering:A peek behind the curtain

Cyber criminals often use human psychology and the art of manipulation to scare, confuse or rush you into opening a malicious link or attachment or into providing personal information through a process known as “social engineering.”

How much do you know?

You receive a text with an offer for a lucrative job opportunity. You’ve been looking for a job recently, so it makes sense you’d get this text and this offer sounds great! You don’t need to worry that this is a scam.

Emails and texts that offer irresistible opportunities are very often scams. Be very skeptical.

Emails and texts that offer irresistible opportunities are very often scams. Be very skeptical.

A member of your gaming community contacts you through the in-game chat to offer you free add-ons – just click the link! You should jump on this opportunity!

Suspicious links sent by text, through in‑game chats and by email can put malicious software on your device, steal your login details and passwords, and lead to personal information and your or your kids’ gaming assets being put up for sale. Don’t click that link.

Suspicious links sent by text, through in‑game chats and by email can put malicious software on your device, steal your login details and passwords, and lead to personal information and your or your kids’ gaming assets being put up for sale. Don’t click that link.

When it comes to social engineering, scammers often use a common set of steps to launch a scam: research a common worry or method of attack, hook you with a believable story, extract your personal information or data and then exit the scam.

Scammers will often use fear to motivate you to act on their scams. The use of threatening language in emails, texts and voicemails is a sure-fire way to spot a scam.

Sending threatening or intimidating emails, phone calls and texts that appear to come from an authority figure such as a police officer, the tax department or a bank is a common technique used by social engineers to scare you into acting on their demands for personal information or money.

Sending threatening or intimidating emails, phone calls and texts that appear to come from an authority figure such as a police officer, the tax department or a bank is a common technique used by social engineers to scare you into acting on their demands for personal information or money.

The manager of your company sends you an email that includes their name and is addressed directly to you. They need you to urgently wire transfer a sum of money to a special account to pay an invoice for a project they are working on. You can feel confident that this is a legitimate request.

Sending threatening or intimidating emails, phone calls and texts that appear to come from an authority figure such as a police officer, the tax department or a bank is a common technique used by social engineers to scare you into acting on their demands for personal information or money.

Cyber criminals can do their research on your company, personalize and then send a very authentic looking email with a request for payment on an invoice or a wire-transfer to fund a project. Always be on your guard. Urgent requests are also a major red flag of a phishing scam.

CBA Resources

1. How to identify and avoid social engineering cyber attacks

1. How to identify and avoid social engineering cyber attacks

2. Teach your kids how to avoid online scams

2. Teach your kids how to avoid online scams

3. Online employment and job scams - how to recognize the red flags

3. Online employment and job scams - how to recognize the red flags

What banks are doing to protect you from frauds and scams

The voice of more than 60 domestic and foreign banks

Social engineering:
A peek behind the curtain