The CyberSafe at USPS team wants you to watch out for online scams that use “social engineering,” a term that describes a broad range of malicious activities used to trick users into giving away sensitive information.
There is no single technique to distinguish social engineering schemes from legitimate messages, but there are several clues you should watch out for: mismatched URLs, misleading domain names, poor spelling and grammar, requests for personal information or money, offers that seem too good to be true, requesting action on a task you didn’t initiate, and unrealistic threats.
Here are some methods used by cybercriminals engaged in social engineering:
• Phishing impersonates a real system or organization using email or social media to deliver attacks that attempt to trick users into providing sensitive information via fake links or attachments.
• Spear phishing is similar to phishing, but targets a limited number of users, like a specific individual or organization.
• SMShing is a form of phishing using cell phone text or instant messaging that appears to be from a legitimate source.
• Vishing uses phone calls and voice messages pretending to be from a reputable company to trick people into calling and entering their personal details.
• Pretexting uses fake identities, like impersonating a distant friend, and fabricates false circumstances to manipulate the receipt of information.
If you think you’ve been targeted by a social engineering threat, don’t forward the message. Instead, report the incident by calling 866-877-7247, using the “Report to CyberSafe” button in Outlook or by sending an email to CyberSafe@usps.gov.