Some of the best social engineering involves convincing the mark that some communication, be it email or a phone call or a letter, came from an official channel when it did not. It’s always safer to verify through a 3rd party that you’ve found yourself that something is what seems to be. It’s not rude, it’s just engaging in a little bit of multi-factor authentication yourself!
- Get in the habit of not clicking links in messages. It’s annoying, I know. Try to navigate to the site directly and then find the page. If the link’s been shortened got to a search engine’s home page and paste it there. Most will unshorten the link for you.
- If someone gives you a phone number, pop it in to a search engine. Or get their name and see if you can get to them through a publicly listed phone number for the organization. If it’s a call you’ve actually answered, always ask if you can call them back.