Social Engineering Scams: What are They?

The term "social engineering" is used as a way to describe a fancy and technical form of lying. As an alternative to the traditional action of hacking, social engineering is the act of manipulating someone into doing certain actions or releasing private information. In addition, social engineering techniques are often used to get into a corporate network.

Social engineering is based on telling a lie, and then getting someone else to respond with the truth.

As humans, over thousands of years we have undergone social conditioning to help us to trust each other, and these social engineers take advantage of this trust.

How does this work? Let me give you an example:

A few years ago, Defcon, the world's largest “underground” hacking conference, held a contest where participants successfully convinced employees from some Fortune 500 companies to offer full profiles of their network software and computers. This information is all that is necessary to stage a cyber attack on the company.

Some of those who were targeted shared information such as what type of antivirus software they used, their operating system information, their service pack version and even email information. In some cases, the contest participants got the target to visit certain websites, which could install malicious programs onto computers. Once social engineers get this information, it is a matter of time before they attack the company's network.

The 6 Ways Hackers Can Get Into your Head

There are a number of ways a hacker can get into your head. Here are six:

  1. Threatening you to comply with their wishes.
  2. Getting you to agree with something that will compromise your computer security without you realizing it.
  3. Pretending to be someone of authority, such as a CEO, manager of your bank or an employee of the IRS.
  4. Giving you something and hoping you will feel obligated to do the same.
  5. Making it appear that you are not the only one involved, such as with a phishing email. They will make it look like the email is going to you, your friends, family, colleagues, etc.
  6. Planning on you making an emotional decision. They will use charm, wit and information from your social media profiles.

Understand that you are not going to be swindled by every person who calls for a donation or requests information, but there is a small chance that you will be. This means you must have a system in place regarding what you should and should not say. It is important to know how to avoid social engineering and to help others avoid falling for this scam. Here are some tricks to keep you safe:

  1. Never give out personal information. Social engineering may occur over the phone, via email or in person, and it usually consists of someone pretending to be someone they are not, such as the manager of your bank or even the fire department. Always ask for verification before releasing private information.
  2. Be thorough with your security questions for a password reset when signing up for a website. Do not answer those that a hacker can get the answer to, such as the city you were born in. Instead, choose obscure questions from the list, and if all of them seem too basic, choose answers that only make sense to you. Instead of putting Chicago, IL as the city you were born in, for instance, put Planet Mars.
  3. Use caution when receiving emails about resetting a password. Contact your service provider to see if the message is legitimate.
  4. Never use the same password for multiple online accounts! This is a grave mistake, and it makes it extremely easy for hackers to use these passwords against you. Similarly, you should avoid using the same security question and answer from account to account. It is too easy for someone to replicate this on other sites, and when they do, they have access to your information.
  5. Watch your online accounts and their activity. Some account providers have a dashboard that shows when you log in or what apps have connected to the account.
  6. Be suspicious of any link in any email, even if it is from a person you know and trust.

Social engineering is a successful way to set up a con, and these individuals can easily make a phone call sound legit or an email look as if it is coming from someone you know.