First, let's define social engineering:
Social engineering is the act of manipulating people into performing actions or divulging confidential information.
Online criminals can use sophisticated technology to try to gain access to your computer, or they can use something simpler and more insidious: social engineering.
Social engineering is a way for criminals to gain access to your computer. The purpose of social engineering is usually to secretly install spyware or other malicious software or to trick you into handing over your passwords or other sensitive financial or personal information.
Some online criminals find it easier to exploit human nature than to exploit holes in your software. That is to say, they would rather trick you into giving up information than trick your computer because it's easier.
New scams appear daily. To keep up with the latest scams, check Microsoft's fraud section. You can also familiarise yourself with some of the more obvious telltale signs of a scam.
Scams can contain the following:
- Alarmist messages and threats of account closures.
- Promises of money for little or no effort.
- Deals that sound too good to be true.
- Requests to donate to a charitable organisation after a disaster that has been in the news.
- Bad grammar and misspellings.
Scams that use the Microsoft name or names of other well-known companies. These scams include fake emails or websites that use the Microsoft name. The email might claim that you have won a Microsoft contest, that Microsoft needs your logon information or password, or that a Microsoft representative is contacting you to help you with your computer. (These fake tech-support scams are often delivered by phone.) For more information, see "Avoid scams that use the Microsoft name fraudulently". This also applies to AOL, Norton, IBM, Facebook, and your bank among others.
Lottery scams. You might receive emails that claim that you have won the Microsoft lottery or sweepstakes. These emails might even look like they come from a Microsoft executive. There is no Microsoft Lottery. Delete the email. For more information, see "What is the Microsoft Lottery Scam?". This also applies to the Nigerian 419 scam and so many others.
Rogue security software scams. Rogue security software, also known as "scareware," is software that appears to be beneficial from a security perspective but provides limited or no security, generates erroneous or misleading alerts, or attempts to lure you into participating in fraudulent transactions. These scams can appear in email, online advertisements, your social networking site, search engine results, or even in pop-up windows on your computer that might appear to be part of your operating system, but are not. For more information, see "Watch out for fake virus alerts".
The bottom line with social engineering is to at least recognise the warning signs: poor spelling and grammar, scare tactics, a sender you do not know or from whom an email would be unusual, a link that you are not familiar with and that you didn't solicit, and more. A great trick is to hover your mouse over a link to see whether the actual destination matches the text shown.
Here is a great visual to demonstrate the items in an email that should set off warning bells and BIG RED FLAGS.