Ask the Experts

Dotcom detective

When using my email, iPhone and social media, how do I really know who is on the other end?

This question is generational, with people trying to guard against being fooled by someone, or worse. Our parents worried about anonymous phone calls and chain letters. The advent of high-tech devices has allowed everyone to rapidly communicate with you, including the wrong people. It is no longer enough to see a return email address or account name, since these are too easily acquired or faked. Today, you need to have some basic detective tools to protect yourself.

Social engineering is now the weapon of choice for cyber criminals and hackers, eclipsing automated software methods of exploiting a computer network. It specifically targets the weakest link in the chain – which is you. The term refers to manipulating human decision-making by exploiting cognitive biases, which are often referred to as ‘bugs in the human hardware’.

The purpose of social engineering is to steal personal identities and information, financial details, and passwords. This data can then be sold on to unscrupulous buyers or used to gain access to your accounts for financial gain.

One of the most common forms of social engineering is phishing, a technique which involves the mass dissemination of genuine-looking emails which appear to be from banks, airlines, businesses or credit card companies. The emails are fake, with fraudulent links in them which, if clicked, will send you to a bogus website designed to steal your credentials or download malware to your system. Make sure you know who and where emails come from, and do not click any links unless you are sure they are secure URLs (https). There has been a shift in companies towards using secure URLs to increase Internet security.

Facebook is even more insidious as it relies on you knowing the person sending you the message or sharing the link. Tens of thousands of Facebook accounts are hacked every day to propagate clickbait and malware. People are not even aware that their accounts are being used to deceive others into clicking these duplicitous links. Get out of the habit of blindly clicking everything that appears on your timeline, regardless of who it is from.

Twitter is a similar platform with similar problems: due to the instant nature of posts or tweets, nasty things can spread fast. Know where your tweets are coming from, only follow those that you know are safe, and, as before, click with care.

Text messages are a little harder to spoof as they are assigned to a mobile number, so you may recognize who is texting you. Here too, numbers can be spoofed. You will probably get spam SMS messages now and then, usually from your mobile provider, so just delete them. Never divulge any personal or financial information over the phone unless you are 100% sure who is asking for it.

With a few basic precautions, such as changing your passwords now and then and being more careful about what you click, you can reduce the risk of being a victim of social engineering. The technique relies on you being the vulnerability.

The intellect is always fooled by the heart…

Francois de La Rochefoucauld.

Written by John Regan, former Director of Sales, for equity research.