Social Engineering is the use of psychology to manipulate users into giving up data through a well-crafted scam. Criminals deceive victims to obtain monetary benefits and sensitive information, which is then used for identity theft. The scams vary depending on success rates, though the ultimate objective and method remain the same. Depending on who the target is, criminals carry out social engineering online, in person, or over the telephone. Scammers use sources known to the victim to gain the victim's trust.
TechDecoded has compiled a list showing how Social Engineering is behind the most prevalent scams:
The free giveaway scam – Social Engineering scammers take advantage of the human tendency to appreciate free gifts. The scam operates via email, social media and mobile phones, and is successful on all platforms. Criminals frequently achieve their objectives through giveaway scams, and the information obtained is used for identity theft or for other criminal purposes.
The CEO scam – This Social Engineering scam usually takes place over email. In certain cases, where a specific employee is targeted for being naïve or more susceptible, the scam takes place over the telephone. In the email version, cybercriminals spoof an existing email address, or create a fake email address, for a senior executive (particularly the CEO) to trick employees. They request private data such as salary details, National Insurance numbers and other records.
This scam is more likely to succeed within a small organisation where stringent policies are not enforced. The data is used for purposes that vary from case to case, from receiving fraudulent tax refunds to applying for credit and loans. Cybercriminals are effective with this Social Engineering scam because employees are accustomed to receiving instructions via email and are therefore likely to comply with a swift response.
Ransomware – Social Engineering is part of the reason why Ransomware is spreading exponentially. Cybercriminals actively design Ransomware attacks that prompt a user to click an enticing link, such as a shocking headline or an email prize link. The moment a victim downloads the infected file, the computer is locked and the ransom demands begin. The user is promised that the encrypted files will be decrypted if the ransom is paid. However, this is highly unlikely and untrue in most cases. TechDecoded recommends backing up data and not paying a ransom.
TechDecoded recommends the following tips to protect against new Social Engineering scams, which may use old methods to trick an individual or organisation:
- Stay alert and up to date on prevalent phishing, Social Engineering and other types of scams.
- Use a trusted security software package to receive protection from ransomware, malware and general cyber threats.
- Exercise caution when opening emails, particularly email attachments. Verify the identity of the sender before downloading any attached content. Only download content from a known and trusted source when the validity of the attachment is assured. Avoid clicking any URL links or opening any attachments when an unexpected email arrives.
- Avoid accepting Social Media friend requests from strangers and avoid responding to any messages they send.
- Never comply with requests to share sensitive information. Before sharing any personal information, verify the request with the trusted sender through several other forms of communication, for instance face to face, over the telephone or through any secure medium of data transmission.
- Be sceptical and wary of free offers, particularly when the identity of the advertiser is unknown.