Social engineering is a phrase that simply means the art of conning people into giving up confidential information.
And like all past, present and future con tricks it seeks to exploit an innate trust many people have.
The types of information criminals seek are typically:
- Passwords and banking information
- Remote access to your computer
Social engineering is popular among cyber miscreants because it’s often much easier to exploit someone’s trust to get information than it is to hack their computer.
Cyber fraudsters understand the weakest link in a security chain is often a person and this is what they will zero in on.
Common social engineering scams
Crooks who socially engineer typically do so to get an email password.
If they achieve this they gain access to that person’s contact list. They then send emails to all the contacts.
They will also exploit social media if the same password for email accounts is used for social media.
The following three points highlight how these email social engineering tricks generally work:
- An email message may contain a malware-laden link. But because the recipient believes the email has come from a ‘friend’ they are naturally inclined to trust it and will more often than not click on the link.
- Sometimes the message is a tale of woe. The scammer is preying on a victim’s sympathy. The stories are different but the conclusion is always the same, ‘please send money’.
- Emails can also contain messages that try to bait people into clicking on links. For instance, a mail may claim that you have won something, or that there is a problem of some sort and that to help resolve it you have to click on a link.
These are some of the most common social engineering scams but in reality there are hundreds of variations on these themes.
Remote access scam
Remote access scams are common social engineering tricks. A crook gets someone’s phone number, calls them claiming to be from Microsoft or some other tech giant and tells the victim they have a virus on their computer.
Some variations say you owe tax.
The scammer says all you need to do is pay money and the problem will be solved.
It’s a scam. Don’t fall for it. They ask for money to fix the problem but there is no problem in the first place.
It’s worth noting there is an underground industry in India dedicated exclusively to making scam social engineering calls.
A good way to get rid of the scammers is to play along for a minute, tell them you need to get something, then place your phone next to a speaker and turn it up full volume.
They’ll be gone in a second.
How to stay safe
There are some simple rules that if followed will help keep you safe:
- If an email message conveys a sense of urgency and tries to get you to respond quickly, be sceptical.
- Treat unsolicited messages with suspicion. If an email looks legitimate, check the company out online or call them before clicking on any links.
- Delete requests for financial information or passwords immediately. These mails are scams.
- If you receive a request for help from a charity or organization that you do not have previous dealings with, delete the mail.
- Hovering over links in an email will show the actual URL (website address). You can then verify whether it’s legitimate or not by visiting the website independent of the mail.
- If you use BullGuard protection, malicious links and suspicious websites are immediately flagged up as being potentially dangerous.
- If you receive a call in which the caller wants you to hand over money, ignore it.