CAUTION, it’s a trap: What is Social Engineering?

What is social engineering, and how did that come into existence?

Social engineering or “human attack” is a set of psychological and sociological techniques, approaches and methods that make it possible to obtain confidential information.

“Hi! I ended up in a difficult situation. Can you borrow 50 euros?” Have you received such messages on social networks from your “friends”? This means that you have already encountered social engineering. Cybercriminals are increasingly using such techniques to steal valuable data (including your finances) because the human factor is still a weak link in any security system.

Cybercriminals who use these techniques in practice are called social engineers. When trying to access a system or valuable data, they exploit the most vulnerable link: the person. The simplest example is a phone call. An attacker pretends to be someone else, trying to obtain confidential information from the caller, playing on the person’s feelings, tricking or blackmailing him. Unfortunately, many people continue to be hooked on such fishing lines and trustingly tell social hackers whatever they need. And the scammers have a lot of techniques and tricks in their toolbox. We will talk about them a little later.

Nowadays, social engineering has become strongly associated with cybercrime, but this concept appeared a long time ago and originally did not have a pronounced adverse meaning.

People have been using social engineering since ancient times. In ancient Rome and ancient Greece, for example, there was great respect for specially trained orators who were able to convince their interlocutors that they were “wrong.” These people participated in diplomatic negotiations and worked for the good of their state.

By the early 1970s, telephone hooligans began to appear many years later, disturbing the peace of citizens just for fun. But someone figured out that this was an easy enough way to get important information. And by the end of the 1970s, former telephone hooligans had become professional social engineers, capable of masterfully manipulating people, identifying their complexes and fears by mere intonation.

When computers came along, most engineers changed their profile, becoming social hackers, and the terms “social engineering” and “social hackers” became interchangeable.

Good examples of Social Engineering

Sometimes all you have to do is ask. One example is the $40 million theft from The Ubiquiti Networks in 2015. No one hacked into the operating systems or stole data – it was the employees themselves who broke security rules. Fraudsters sent an email in the name of the company’s top executive and asked backers to transfer a large sum of money to a specified bank account.

You may have seen “Catch Me If You Can,” based on the true story of legendary con man Frank William Abagnale, Jr. In five years of criminal activity, his counterfeit checks totaling $2.5 million ended up circulating in 26 countries around the world. While fleeing prosecution, Abagnale showed amazing skills in impersonating a pilot, a sociology professor, a doctor, and a lawyer.

And did you hear how Victor Lustig not only filled the U.S. with counterfeit bills and left Al Capone “fooled” but also sold the Eiffel Tower, the treasure of Paris? (Twice, by the way). All this was made possible by social engineering.

These real-life examples of social engineering show that it easily adapts to any conditions and any environment. By playing on a person’s personal qualities or lack of professional qualities (lack of knowledge, ignoring instructions, and so on), cybercriminals literally “hack” a person.

The most popular methods of Social Engineering

An attack on a person can be performed in many scenarios, but hackers use a few of the most common techniques.


The method of collecting user credentials for authorization is usually mass email spamming. In a classic scenario, the victim receives a fake email from some well-known organization asking him to click a link and log in. To gain credibility, the scammers make up some serious reasons for clicking on the link: for example, they ask the victim to renew the password or enter some information (name, phone number, bank card number, and even a CVV code).

And it seems like the person does everything as it says in the letter, but… he’s caught! The criminals have thought of his every move, which is why they can get people to do what they want.


The virus is named after the Trojan horse from the Greek myth for a reason. Only the bait here is an email message that promises quick profits, winnings, or other “mountains of gold” – but the result is a virus through which attackers steal the data. Why is this type of data theft called social engineering? Because the virus creators know how to disguise the malware, you will surely click on the right link, download and run the file.

Quid pro quo.

Using this technique, the attacker pretends to be a technical support employee and offers to fix problems in the system, although in reality, there are no problems with the software. The victim believes that the problems exist and, following the hacker’s instructions, personally grants him access to important information.


Another technique used by cybercriminals is called pretexting (a scripted action). To obtain information, the criminal pretends to be an associate of yours who supposedly needs your information to perform an important task.

Social engineers pretend to be bank employees, credit services, technical support, or your friend, relative – someone you trust by default. To appear more trustworthy, they give the potential victim some information about her: name, bank account number, the real problem she had previously contacted the service with.

Reverse Social Engineering

The technique aims to get the victim to come to the social engineer himself and give him the necessary information. This can be accomplished in several ways:


Attackers may advertise their services as computer wizards or other specialists. The victim contacts the hacker himself, and the criminal not only works technically but also extracts information through communication with his client.

Implementing special software

At first, the program or system is working properly, but then a failure occurs, which requires the intervention of a specialist. The situation is set up so that the specialist who will be approached for help is a social hacker. By fixing the software, the hacker performs the necessary manipulations for the hack. And when the hack is detected, the social engineer remains above suspicion, telling that he helped you.

How to protect yourself?

If you do not want to become another victim of social engineers, we recommend the following rules of protection:

  • Don’t use the same password to access external and corporate (work) resources.
  • Install antivirus – all major antivirus programs have built-in malware checks.
  • Do not work with important information in front of other people. Scammers can use the so-called shoulder surfing – a type of social engineering when the theft of information takes place over the victim’s shoulder – by peeking.
  • Remain skeptical and alert. Always pay attention to the sender of emails and the site’s address where you are going to enter some personal data. If it is a mail on the domain of a large organization, make sure the domain is the same, and there are no typos. If in doubt, contact the technical support or a representative of the organization through official channels.
  • Don’t go to suspicious sites or download suspicious files because one of the best social engineering helpers is curiosity.
  • Familiarize yourself with your company’s privacy policy. All employees should be instructed on how to deal with visitors and what to do if an illegal intrusion is detected.

We hope that our post will help you protect yourself from scammers. We are always ready to share our useful experiences!

Securing Files & Directories using ACLs in Linux

Our top priority is to secure and protect data from unauthorized access. We are all aware of the permissions we set using some handy Linux commands like chmod, chown & chgrp. However, these default permissions sets have some limitations and at times do not work to meet our requirements. For example, we cannot set different permissions sets for different users on the same directory or file. This is where Access Control Lists (ACLs) come into place.
Linux Access Control Lists
Let’s say, you have two users, ‘user1‘, and ‘user2‘. Each having a common group say ‘qhgroup’. User ‘user1‘ want that only ‘user2‘ user can read and access files owned by ‘user1‘ and no one else should have any access to that.
ACLs (Access Control Lists) enable us to do the above trick. These ACLs allow us to grant permissions to a user, group, and any set of users that are not in a user’s group list.

How to Check ACL Support in Linux Systems

Before proceeding, you must have support for ACLs on the current Kernel and mounted file systems.
Run the following command to check ACL Support for file system and POSIX_ACL=Y option (if there is N instead of Y, then it means Kernel doesn’t support ACL and needs to be recompiled).
[root@quantumhost ~]# grep -i acl /boot/config*


Install Required Packages

Before starting playing with ACLs make sure that you have the required packages installed. Assuming you are on a Debian based system
[root@quantumhost ~]# apt-get install nfs4-acl-tools acl


Check Mounted File System for ACLs Support

Now, check the mounted file system that whether it is mounted with the ACL option or not. We can use ‘mount‘ command for checking the same as shown below.

[root@quantumhost ~]# mount | grep -i /dev/sda1

/dev/sda1 on / type ext4 (rw,relatime,errors=remount-ro)

But in our case ACL is not shown by default. So, following we have the option to remount the mounted partition using the ACL option. But, before we continue, we have one more option to make sure the partition is mounted with the ACL option or not, because for the recent system it can be integrated with the default mount option as this is in our case.
[root@quantumhost ~]# tune2fs -l /dev/sda1 | grep acl
Default mount options: user_xattr acl
In the above output, you can see that the default mount option already has support for ACL.

Before Setting Default ACLs
To determine the default ACLs for a specific file or directory, use the ‘getfacl‘ command. In the example below, the getfacl is used to get the default ACLs for a folder ‘Music‘.
[root@quantumhost ~]# getfacl Music/

# file: Music/
# owner: root
# group: root

Setting Default ACLs
To set the default ACLs for a specific file or directory, use the ‘setfacl‘ command. In the example below, the setfacl command will set a new ACLs (read and execute) on a folder ‘Music’.
[root@quantumhost ~]# setfacl -m d:o:rx Music/

Show permissions after setting the ACLs

[root@quantumhost ~]# getfacl Music/

# file: Music/
# owner: root
# group: root

How to Set New ACLs on a File

Use the ‘setfacl’ command for setting or modifying on any file or directory. For example, to give read and write permissions to user ‘user1‘ on a file.
# setfacl -m u:user1:rw /user1/file

How to Set New ACLs on a Folder

Use the ‘setfacl’ command for setting or modifying any file or directory. For example, to give read, write and execute permissions to user ‘user1‘ on a folder recursively.
# setfacl -Rm u:user1:rwx /user1/folder

How to View ACLs

Use the ‘getfacl‘ command for viewing ACL on any file or directory. For example, to view ACL on ‘/user1/file‘ use below command.
# getfacl /user1/file

# file: /user1/file
# owner: user1
# group: user1

How to Remove ACLs

For removing ACL from any file/directory, we use x and b options as shown below.
Remove only specified ACL from file/directory;
# setfacl -x ACL file/directory

Removing all ACL from file/directory

# setfacl -b file/directory

: After implementing ACL, you will see an extra ‘+‘ sign for ‘ls –l’ output as below.
[root@quantumhost user1]# ls -la

total 4
drwxrwx---+ 2 user1 user1 4096 Apr 17 17:01 file

Mitigate attacks with iptables, fail2ban and ipset

In this short article, we will describe useful steps to prevent attacks and other malicious attempts.

Assuming we do the configuration on a Debian-based system.

First of all, we need to install the necessary tools
apt-get install ipset iptables-persistent fail2ban

Let’s start adding some rules to iptables.

Drop invalid packets to the mangle table
iptables -t mangle -A PREROUTING -m conntrack --ctstate INVALID -j DROP

Drop TCP packets that are new and are not SYN
iptables -t mangle -A PREROUTING -p tcp ! --syn -m conntrack --ctstate NEW -j DROP

Drop SYN packets with suspicious MSS value
iptables -t mangle -A PREROUTING -p tcp -m conntrack --ctstate NEW -m tcpmss ! --mss 536:65535 -j DROP

Block packets with bogus TCP flags
iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP 
iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,SYN FIN,SYN -j DROP 
iptables -t mangle -A PREROUTING -p tcp --tcp-flags SYN,RST SYN,RST -j DROP 
iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,RST FIN,RST -j DROP 
iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,ACK FIN -j DROP 
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ACK,URG URG -j DROP 
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ACK,FIN FIN -j DROP 
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ACK,PSH PSH -j DROP 
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL ALL -j DROP 
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL NONE -j DROP 
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP 
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL SYN,FIN,PSH,URG -j DROP 
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP

SSH brute-force protection
iptables -A INPUT -p tcp --dport ssh -m conntrack --ctstate NEW -m recent --set
iptables -A INPUT -p tcp --dport ssh -m conntrack --ctstate NEW -m recent --update --seconds 60 --hitcount 10 -j DROP

Protect against port scanning
iptables -N port-scanning 
iptables -A port-scanning -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s --limit-burst 2 -j RETURN 
iptables -A port-scanning -j DROP

Save the rules to the iptables start-up config
/sbin/iptables-save > /etc/iptables/rules

Let’s take a look at fail2ban

Enable fail2ban on startup and start the service
systemctl enable fail2ban
systemctl start fail2ban

Now we need to setup ipset and his blacklist

Create blacklist with ipset utility (once)
ipset create blacklist hash:ip hashsize 4096

At this stage we have ipset blacklist create.

It’s time to set more iptables rules to match with blacklist and drop traffic
iptables -I INPUT -m set --match-set blacklist src -j DROP
iptables -I FORWARD -m set --match-set blacklist src -j DROP

Don’t forget to save the rules to the start-up config

/sbin/iptables-save > /etc/iptables/rules

Now you can manually fill the blacklist

Take a look in /var/log/fail2ban.log to see who attempted to get access to your server.

tail -40 /var/log/fail2ban.log

Add a specific IP address to your newly created blacklist
ipset add blacklist <write here the ip you want block>

That’s it. If you want to check which IP addresses are on your list
ipset list blacklist

At this point, we have decent security for common script kiddies. But if we want to have more view on our connections we need to use the ss command:

Usage: ss [ OPTIONS ]
 ss [ OPTIONS ] [ FILTER ]
 -h, --help this message
 -V, --version output version information
 -n, --numeric don't resolve service names
 -r, --resolve resolve host names
 -a, --all display all sockets
 -l, --listening display listening sockets
 -o, --options show timer information
 -e, --extended show detailed socket information
 -m, --memory show socket memory usage
 -p, --processes show process using socket
 -i, --info show internal TCP information
 -s, --summary show socket usage summary
 -b, --bpf show bpf filter socket information
 -E, --events continually display sockets as they are destroyed
 -Z, --context display process SELinux security contexts
 -z, --contexts display process and socket SELinux security contexts
 -N, --net switch to the specified network namespace name

-4, --ipv4 display only IP version 4 sockets
 -6, --ipv6 display only IP version 6 sockets
 -0, --packet display PACKET sockets
 -t, --tcp display only TCP sockets
 -S, --sctp display only SCTP sockets
 -u, --udp display only UDP sockets
 -d, --dccp display only DCCP sockets
 -w, --raw display only RAW sockets
 -x, --unix display only Unix domain sockets
 -f, --family=FAMILY display sockets of type FAMILY
 FAMILY := {inet|inet6|link|unix|netlink|help}

-K, --kill forcibly close sockets, display what was closed
 -H, --no-header Suppress header line

-A, --query=QUERY, --socket=QUERY
 QUERY := {all|inet|tcp|udp|raw|unix|unix_dgram|unix_stream|unix_seqpacket|packet|netlink}[,QUERY]

-D, --diag=FILE Dump raw information about TCP sockets to FILE
 -F, --filter=FILE read filter information from FILE
 STATE-FILTER := {all|connected|synchronized|bucket|big|TCP-STATES}
 TCP-STATES := {established|syn-sent|syn-recv|fin-wait-{1,2}|time-wait|closed|close-wait|last-ack|listen|closing}
 connected := {established|syn-sent|syn-recv|fin-wait-{1,2}|time-wait|close-wait|last-ack|closing}
 synchronized := {established|syn-recv|fin-wait-{1,2}|time-wait|close-wait|last-ack|closing}
 bucket := {syn-recv|time-wait}
 big := {established|syn-sent|fin-wait-{1,2}|closed|close-wait|last-ack|listen|closing}

Check who is connected at the moment to your server with ipv4
ss -t4 state established = check who is connected at the moment to your server with ipv4

Security exercises from QuantumHost: how to shield your organization from phishing

If you have received emails about fabulous winnings or have received calls from suspicious bank employees to find out the code from a text message, know this: this is phishing, an attempt to steal your data or money through malicious links. It can affect both individuals and large companies and have serious consequences.

We’ve written a long read on how scammers operate and what to do to avoid falling into their traps. In the end, you’ll find a list of recommendations on how to keep yourself and your employees safe.

What is phishing?

“Phishing” derives from the English word phishing, consisting of the words fishing and password. It is one of the most widespread types of internet-fraud, where the aim is to get identity data.

Phishers’ actions can lead to consequences of different severity: from an innocent banner on your PC to the company’s content loss without the possibility to recover it.

The main goal of phishing is to steal something valuable, use it for their benefit, or compromise or disrupt someone else’s business.

What phishers usually target:

  • Personal data, including passport data;
  • logins and passwords of all kinds;
  • data for logging in to individual accounts;
  • databases;
  • access codes;
  • personal correspondence;
  • bank card or account details;
  • proprietary information;
  • other sensitive information, etc.

Types of phishing

If you hear someone call you “smishing” or “vishing,” just know that they are not laughing at you. Both are different forms of phishing. Let’s understand the terminology.

Phishing is divided by the target of the attack:

  • Spear phishing – attacks on individuals.
  • Whaling is phishing on a large scale. The main target here is fishes of large companies, high ranking officials.

According to the channels of attack, phishing is divided into:

  • Phishing itself – sending messages with infected or fake sites. This is a general term for all phishing types.
  • Vishing – phishing attacks via phone calls.
  • Smishing is attacking via SMS.
  • Pharming is when the user is secretly redirected to an infected site without his/her knowledge.
  • Sending fraudulent messages to social networks.

Let’s analyze the types of phishing and find out how to protect employees and the company from it.

Phishing emails

A strange letter arrives in your mail informing you that you’ve won, asking you to go somewhere and enter your data, etc., urgently. This is how scammers play on emotions: unexpected joy, fear, curiosity.

Many such “chain letters” end up in the “spam” folder, but some manage to make it to your inbox. You can’t entirely rely on the anti-spam mail system; you must always be on the lookout.

Signs of a phishing email

  • No sender’s name or contact information.
  • The sender’s address consists of a meaningless set of letters.
  • The email is from a large organization, but their real website does not contain the sender’s address.
  • The sender introduces himself as an employee of the company, but he doesn’t write from a corporate email account but a regular one like
  • Hovering over a button or link in the email shows the wrong address in the page’s lower-left corner.
  • There are unusual symbols in the link address, e.g., @.
  • The attached files have an unknown extension and/or incomprehensible name.
  • Links are not inserted in the text but disguised by images, buttons, bright pictures, and QR-codes.

What phishing emails typically contain?

Let’s talk about the subjects of malicious emails. Note that this is not a complete list of all possible phishing scenarios: phishers are very creative and are always coming up with new ways to lure your data. Malicious buttons and links in such emails either trigger viruses or lead to pages where you enter essential data yourself.

  • Someone has hacked your email and learned your password / We found suspicious or fraudulent activity on your account / someone has changed your email security settings.
  • Your account has been blocked, or disabled / You’ve been added to our blacklist: We realized you’re a fraud or a bot!
  • You have an important document from the tax office, police, credit organization, etc. There are files with unknown extensions and strange names attached to the letter.
  • An email from your colleague/partner with documents or “important working” links.
  • You have won a prize! Follow the link to find out the terms of receipt and/or delivery.
  • You didn’t repay the loan – the case goes to court.

The most important rule:

Please do not follow the links in such letters, do not click on pictures, no matter how attractive they may look, do not enter your data on unknown pages!

Phishing sites

Links in phishing emails usually lead to malicious sites.

What sites are commonly spoofed:

  • Banks and microfinance institutions;
  • Payment services;
  • Search engines and email services;
  • Pages with authorization and payment forms in online stores;
  • Airlines, etc.

How to identify phishing sites:

Strange or suspicious domain name

To confuse the victim, scammers register domain names similar to the names of large organizations. But if you look closely, the inconsistencies will be apparent: look at the second-level domain. For example, instead of, a phishing site will be called If in doubt, search for the original website and compare the addresses – so you’ll know if you’ve gotten to scammers.

Mistakes, typos, and oddities in design and layout

Everything on the page “jumps” and runs over each other, somewhere there is missing text, and somewhere whole sentences are written in a capsule. Gross spelling errors are mixed with calls to enter, type, click and buy. As a rule, such sites are phishing sites – large organizations, which the scammers masquerade as, cannot afford to look so sloppy.

You can always check a suspicious site for the authenticity and the presence of viruses and spam. Use the right service for you, such as:

  • AVG Threatlabs,
  • Google Transparency Report,
  • ScanURL,
  • PhishTank,
  •, and more

Phishing Calls: Vishing

How vishing, a voice phishing method, works:

  • A “bank employee” or security officer calls you, tells you about suspicious transactions on your card and offers to name the data from a text message. A real bank employee will not do this: these are scammers.
  • If you advertised for sale, for example, on “Avito”, you probably received a call from “buyers” asking for your card data to transfer the prepayment. This is also one of the vishing schemes.

Phishing via SMS: smishing.

What this type of phishing usually looks like:

  • You receive a message or an email informing you of a problem: something is wrong with your card or identity, someone has tried to charge your account, etc. To find out what the problem is, you need to call the number given in the message.
  • You have received a text message from an unknown person with a link: most likely, they are fraudsters. Don’t follow links in messages!
  • An SMS is received as if from an employee of a company, state services, or tax authorities, but the number is not official but private. Do not believe the message: these are scammers.

Phishing in social networks

What it usually looks like:

  • You receive a personal message that urges you to watch a provocative video starring you, learn something interesting, vote or leave a comment. The scammer sends you a link and wants you to click on it. There you go, your details or get a virus on your device.
  • Scammers hack communities of large companies, post articles with malicious links on the page wall, and collect a data harvest from its subscribers.
  • The “administrator” of the group you belong to writes to you and tells you that you have won a prize. But to get it, you have to pay for insurance or shipping. These are scammers, don’t pay anything, don’t reply to messages, and block the user.
  • And the most common: an acquaintance writes to you and asks for a loan or to vote for him in a talent contest or children’s drawing. Don’t reply to messages. Call this person right away and find out if they wrote to you on the social network.

Types of cyber attacks on companies

Attacking a company through employees

The scheme is simple: fraudsters launch a mailing to an employee of a large company, and the latter, forgetting about security, for example, clicks on a malicious link from his work device. Your employee could fall into any of the traps we described above and accidentally gave attackers access to corporate accounts and information. To prevent this from happening, educate your employees, conduct computer security training. And be sure to provide them with the memo from the end of this article.

Ransomware and other Trojans

These are hazardous viruses that can infiltrate your system in various ways, including through phishing emails. This is how scammers prey mainly on corporate clients, large companies, or government organizations. The Trojan gets into the computer and encrypts all of its contents, after which the scammers demand a payoff to restore the data.


These viruses read the information you type on your keyboard and can steal a wide variety of data. Keyloggers can be brought in by clicking on a link from a phishing email or using physical media unverified by antivirus: a thumb drive or a disk.

Attacks on cloud storage

Since many large companies use cloud services such as Google Drive or OneDrive, scammers began to attack them as well. Lots of information, corporate data, databases, and personal information are all at risk. The user is often tricked into going to a phishing site that completely mimics a personal account login page, where the person enters his or her access data.

Programs to protect your data


Installing an antivirus is a prerequisite for the security of your devices and those of your company. All major antivirus programs have built-in phishing scanning. All you have to do is set it up and turn it on. Install antivirus software on your smartphone and PC and provide all your work computers with this protection. And don’t forget about timely updates.

You can choose any proper antivirus for cost and functionality.

How not to get phished. Security measures in a company

  • In our opinion, the most important thing: take cyberattacks seriously yourself and teach them to all your employees.
  • Use only two-factor authentication for company accounts. This is a method of identifying a user by two types of parameters; one thing he physically has with him and one he knows. For example, you need to enter your username and password first, and then a code from a text message or email. Less often, biometric data or a special USB-key.
  • For vital accounts, such as access to EDI systems and accounting programs, use eToken – a real security key.
  • Move your site to a secure protocol: HTTPS. It is better to use paid SSL-certificate; it minimizes the risk of hacking. “I’m in business and don’t understand what SSL-certificates are.”
  • When uploading content to the site or backing up, the site data use encrypted SFTP or FTPs protocol instead of open FTP.
  • Delete all irrelevant and unused accounts.
  • Use business security services; we talked about them above.
  • Regularly update passwords to employee email accounts, corporate accounts.
  • Forbid employees from keeping passwords in plain sight.
  • Regularly back up your content, especially the information on your site and cloud storage sites.
  • Immediately react to even the slightest hint of suspicious activity: change passwords, block fraudsters, and perform in-depth antivirus checks.

Drastic measures.

They will not suit everyone, but some companies successfully use them.

  • Block access to social networks on work devices.
  • Block all disk drives and USB connections of work computers.

What to do if you get trapped?

So, the scammers finally convinced you: you fell for their trap. What you can do:

  • Run an antivirus scan on your computer and smartphone.
  • Change your stolen password as soon as possible. If you use it for multiple accounts, change your password for them, too.
  • Set up two-factor authentication.
  • If you gave your card information or a code from a text message, call the bank at the phone number on your card. It will be blocked to protect it from money theft and check for potentially dangerous transactions.

If you want to protect other users from the actions of scammers, report their activities.

Rules for employees: a checklist

We suggest that you distribute this checklist to all employees in your company.

Protect your social networks

  • Do not click on suspicious links.
  • Don’t enter data from a page on third-party resources.
  • Don’t give your smartphone to strangers.

General rules

  • If you receive messages in social networks from a bank or other organization’s account, check the account on the official site or by phone from the bank/company. If there is no such account, do not reply to messages and block the suspicious account.
  • Do not trust those who ask you for money on social networks, even if the request came from your friend. Call the person from whose page the message came, and clarify whether he needs money. If not – don’t reply to the fraudster, block him and complain to the social network security service.
  • Check all the files which come in personal messages. If there is a book attached but with an .exe extension, it’s strange – don’t open the file.
  • Check periodically to see when your account was last active. If you become suspicious, end all active sessions and change your password.


  • Read about Facebook’s security features.
  • Set up two-factor authentication.
  • If you suspect you’ve been hacked, use the instructions.


  • Read Instagram’s security tips.
  • Set up two-factor authentication.


  • Read Twitter’s security tips.
  • Set up two-factor authentication.

You received a strange email 

  • Do not click on links in emails from strangers, do not click on pictures or buttons.
  • If the sender presents himself as an employee of the company but writes not from the corporate mail but ordinary, do not open the letter.
  • Do not believe in promises of sudden winnings, and do not fall for attempts to intimidate you.
  • Do not open attachments from strangers’ emails, no matter how tempting they may look. Do not download files like *.exe, *.scr, *.bat, *.vbs.
  • If you see a strange address in an email, e.g., with an error in the domain name, delete it.

A strange person calls you.

They may be calling you as a bank teller, a customer looking to buy something you have advertised, a company representative saying you have a big win, etc.

  • Don’t give your bank card data, mainly your CVC code, to anyone, especially over the phone to a stranger.
  • If you’ve already received a text message with the code, don’t give it to anyone, especially a “bank employee” – real bank employees won’t ask you for such data.
  • End the conversation. If the person introduced themselves as a bank employee, call your bank, outline the situation, and give the scammer’s phone number for verification.

You have found yourself on a suspicious site

  • Do not click on links, do not click on suspicious and shouting pictures and buttons.
  • Don’t believe the promises of sudden winnings, and don’t be caught up in these attempts to intimidate you.
  • If the site is unkempt, screaming, with gross mistakes in the text and lots of notifications, pop-ups, and calls to proceed or leave data, it’s probably a phishing site. Close the tab and don’t return to it.
  • Before you enter your details on a site, make sure it’s the right site: clones sometimes look very similar to the original. Check the address several times. If something about it confuses you, close the tab.
  • Sign up and buy only on sites with SSL-security certificates and two-factor authentication. To access your account, you will be checked on two parameters: in addition to the username and password, you will be asked, for example, a one-time password.
  • If you see HTTP instead of HTTPS before the site address, and your browser tells you that the page is untrustworthy, it’s right; you should avoid websites without an SSL certificate.

Tips not just for the job

Do not include personal information in public sources. Addresses, dates of birth, phone numbers: yours and your family members’.

Why: all of this can help scammers find out your password or secret word, hack your accounts and get access to your money and data.

Change passwords at least every six months. “I don’t change passwords at all, and I’ve never been hacked. Why start?” – you ask, and that would be a mistake for a victim.

Why: You’ll make it harder for cybercriminals because no one knows when their money and data may be hunted.

Don’t use the same password for all of your accounts. Don’t give crooks a key to all your doors.

Why: A scammer who knows the password to one of your accounts will immediately try to open your other accounts with that key. Don’t risk everything and be creative when coming up with new combinations.

Use incognito mode in your browser when you work at someone else’s computer, log into your accounts and enter personal information.

Why: When you close a browser tab, your passwords and data won’t be saved, and you’ll be logged out of all your accounts automatically.

Turn on two-factor authentication for all your accounts.

Why: This type of protection is better at preventing scammers from attacking your account because they’ll have to overcome a double barrier to break into your account. And it won’t be easy.

Install antivirus on all your devices.

Why: Cautiousness is good, but technical protection is still better.