Social engineering refers to the act of manipulating people into giving up confidential information, including passwords and other personal or financial information.
Scammers use social engineering tactics because they know it’s usually easier to exploit a person’s weakest trait: our inclination to trust. Social engineering encompasses a variety of malicious activities. The common denominator is human interaction: psychologically manipulating or tricking people into making security mistakes.
There are various ways scammers will use social engineering, including: (1) Phishing, (2) Vishing, (3) SMiShing and (4) Data Mining.
1. Phishing
Phishing is a cyber attack method utilizing fraudulent emails or websites to gather personal information from unsuspecting victims. The goal for scammers using phishing is to trick you into believing that the message you’re receiving is from someone you know, or an organization or company you do business with. A simple click of a link or believing it’s someone you trust can lead to your information being placed in the wrong hands. For more information on Phishing, take a look at our previous blog, How to Spot a Phishing Email.
2. Vishing
Vishing is similar to Phishing but is done over the phone: scammers try to trick people into providing private information that will then be used in identity theft. If you receive a phone call and the caller makes suspicious requests, look up the organization they’re supposedly calling from and search for a customer service number. Confirm that it’s the same number you received the call from, or give them a call yourself for more information. Most importantly, don’t give out any personal information until you verify the legitimacy of the caller.
3. SMiShing
SMiShing is the text message equivalent of phishing: mobile device users receive a text message containing some type of prompt or website hyperlink that will lead them to a malicious website and/or download malware to the user’s phone. In many cases SMiShing messages will be sent via an email to a cell phone number. Sometimes they’ll come from a “5000” number instead of an actual phone number. Don’t ever respond to these types of messages, and delete them right away.
4. Data Mining
Unfortunately, the use of the internet and social media has made it fairly easy for scammers to collect other people’s personal information. Data Mining involves the search and review of public records, social networks, credit reports, and other types of databases that give scammers access to substantial information. Scammers can use basic information found on your profiles to hack accounts and gather even more personal information for the sole purpose of committing identity fraud. This type of attack is more often geared towards big companies that collect customer information, like stores or websites. Scammers will then hack into their databases and collect information from the company’s unsuspecting customers.
The success of a scammer depends on how easy it is for them to manipulate people into taking a particular action or willingly providing information. Their attacks are highly thought out and planned before they even engage with their target(s) to gain their trust. Be cautious when someone prompts you to give up sensitive information and don’t fall for the usual tricks.
Source: Information courtesy of CUNA Mutual Group.