Why Social Engineering is a Scammer’s Secret Weapon
Criminals and scammers love to trick, deceive and manipulate their victims into handing over sensitive information, and money. This kind of exploitation is often referred to as social engineering, and it’s worth knowing about because although the scams change, the methods remain the same.
Social engineering can happen online, over the phone, or even in person. Scammers often try to win your trust by pretending to be legitimate businesses or person, offering you a great deal, or playing on your sympathies. Just think of the now-famous Nigerian prince scam, in which fraudsters would ask for help accessing a large sum of money, and request the victim’s banking details to complete a money transfer in exchange for a payout. Not only did these scams play on victims’ sympathies, but also their desire for easy money. Modern-day scams work much the same way.
Let’s take a look at some of the most popular scams now, and how social engineering plays a part.
Ransomware—This online threat has grabbed headlines for a reason: it’s frightening, and it works. Ransomware, which has grown exponentially over the last three years, usually starts with the victim downloading what looks like an innocuous file, or even clicking on a dangerous webpage. Scammers use social engineering to get users to click by offering something free (like a gaming app), or enticing, like an email prize notification, or shocking headline.
Once the victim downloads the infected file, it locks up their computer or device and demands money before the victim can regain access to their files. These could include personal photos or sensitive tax and identity information, which is what makes this scam so scary. The trick is, even if you pay the ransom you may never get access to your files. That’s why it’s crucial to back up your files on an external hard drive or through a cloud storage service.
The CEO Scam—This scam is usually done via email, and takes advantage of our assumption that anything that comes from a known email address can be trusted. The cybercriminals will spoof, or fake, an email address of a top executive in a company and then use that spoofed address to send messages requesting sensitive or private information from other members of the organization, like wage details, Social Security numbers, and financial records.
This data can then be used to file a fraudulent tax return and receive a refund, or apply for credit in a victim’s name, for example. Because the email address appears to come from within the organization, and recipients are accustomed to complying with work requests, it’s a very easy scam to fall for.
The Free Vacation Scam—Always a classic, the phone scam still hooks a ton of victims each year. Once again, the social engineering scammers are taking advantage of our desire for things that are free, or a great deal. They usually start by telling the victims that they have won a vacation to Las Vegas or another sought-after locale, and all they need to do is provide their credit card number to pay for a tax or other fees.
Now that you know how social engineering works in common scams, here are some tips to help you steer clear of any new versions of these old tricks:
- Always be suspicious of any free offers, including free mobile apps.
- Never respond to a request for sensitive or private information, even if it appears to come from a trusted source. If you have doubts, message or email the person directly from your saved contact details, or better yet, talk to them in person to confirm their request.
- Register both your home and mobile numbers on the “do not call” list to avoid phone scams.
- Don’t accept friend requests from people you don’t know in real life, and never respond to texts from strangers.
- Be careful when opening email attachments. Make sure you know the sender and have requested the attached information first.
- Use comprehensive security software to help protect you from malware, ransomware, and other online threats.
- Keep up-to-date on the latest scams so you know what to look out for.
The post Why Social Engineering is a Scammer’s Secret Weapon appeared first on McAfee Blogs.
More antivirus and malware news?
- Update: eLion transcript menu unavailable
- Europol and security vendors disrupt massive Ramnit botnet
- India’s Biometric Database Reportedly Breached, More Than One Billion Compromised
- In deep: the internet’s underwater weak links
- Equifax: researchers find leaky customer help portal in Argentina
- Microsoft Word Intruder Revealed – inside a malware construction kit
- A typo skewed the history of HIV in the US and vilified “Patient Zero”
- iOS ‘iBoot’ source code posted online, Apple issues DMCA takedown notice
- Next Generation Firewall
- Former DNSChanger addresses out in the wild again