THE BLOG
12/11/2014 12:44 pm ET Updated Feb 10, 2015

Social Engineering: 9 Ways to Keep Your Identity Safe

If you're feeling a little paranoid about identity theft, your concerns are justified. You're not being paranoid; these threats are real. A new generation of intruders and hackers stemming from megatrends like BYOD, mobility, cloud computing and Internet usage introduce consumers to a multitude of new risk. These thieves are on the lookout for ways to gain access to your valuable personal information that they can use for their own financial gain. Oftentimes, in fact more frequently than you might guess, thieves get through by social engineering.

Social engineering is the practice of deceiving someone — in person, over the phone, or by using a computer — with the express intent of breaching some level of personal or professional security. Social engineering techniques are con games performed by con artists. And once these con games have started, they can be difficult to detect and stop. In fact, the targets of social engineering may never realize that they have been victimized.

Criminals use social engineering tactics because they are easier than finding ways to hack into your bank or email account. Social engineering tactics take advantage of your natural inclination to trust. All a criminal needs to get started is a tiny bit of information, information that might be public knowledge or that you might innocently share. A criminal may need nothing more than a Facebook post identifying your location and family members or a weak password. Social engineering happens when people are too trusting or when they don't think about the consequences of being careless with information.

You can protect yourself from social engineering techniques by following these tips:

  1. Don't respond to ANY email or social network post or message that asks for money or confidential information. Thieves can hack email and social network accounts, and then pose as a friend or family member to gain your trust.
  2. Don't assume that an unsolicited phone call or email is actually from a trusted source. Just because the caller or writer has bits of information about you or your past activities doesn't mean the correspondence is legitimate.
  3. Verify, verify, verify. If someone calls or sends an email informing you there is a problem with your online banking account or credit card account, don't act on it. If it's a phone call, Hang up and call the financial institution or credit card issuer directly. If it's an email, delete it (don't open any attachments) and then check the account directly instead.
  4. Be conscious of what can be learned about you. Many kinds of online accounts, including online banking, use challenge questions as part of their security systems. Choose answers that are known only to you and that can't be found online. Remember, even the most innocent email attachments can be infected with computer malware. If you aren't sure the file came from a legitimate business, charity or person, don't open it.
  5. Be aware of the information you're sharing -- both verbally and through social media sites.
  6. Do not provide personal information or information about you or your family unless you are certain of a person's authority to have the information.
  7. Pay attention to the URL of a website. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net).
  8. Make good use of your shredder. Shred anything with any kind of personal data on it, especially if it has financial information.
  9. Consider enrolling in a credit monitoring service. Be on the lookout for both identity theft and credit card fraud by checking your account balances and credit scores regularly.
Stopping targeted identity theft takes education and vigilance. People who succeed at social engineering aren't evil geniuses outsmarting expensive technological defenses. Instead, these criminals sometimes pretend to be earnest and unassuming. They ask a lot of questions and use the answers to commit their crimes.

The weak link is the human who accepts the person or scenario at face value. It doesn't matter how many locks and deadbolts are on your doors and windows, or if you have guard dogs, floodlights, alarm systems and fences with barbed wire. If you trust the person at the gate who says he is the appraiser sent by your insurance company and you let him in without first checking to see if he is legitimate, you are exposing yourself to unnecessary risk.

Given this reality, the solution is simple: be vigilant and never let your guard down. Resources like Credit Sesame, where you can monitor and protect your credit and identity for free, can help you limit the impact of identity theft and protect your financial standing.

Remember to be smart about protecting your information as much as possible. Identity thieves use it to steal; without it, they can do nothing.