How Criminals Use Social Engineering to Scam Us

A big risk to businesses and individuals alike, social engineering involves exploiting bugs in our “human hardware.” In person, over the phone, or by email, criminals draw on social engineering techniques to evoke fear, uncertainty, pressure, excitement, and other emotions to get us to deviate from the way we typically behave. Their goal is to gain access to our sensitive information or to take advantage of us for financial gain.

Plan of Attack 

Here are some common human tendencies that social engineers seek to exploit.  

The tendency to obey authority. People tend to comply with requests from those in positions of power, so a hacker might impersonate an authority figure to get you to do something. For example, pretending to be someone from a law enforcement agency, a scammer might email you, claiming to have found illegal content on your computer, and then advise you to click on a link to obtain additional details. Considering the perceived authority of the sender, you may not question the legitimacy of the message. Clicking on the link could install malware on your machine, however. 

The tendency to react too quickly to urgent requests. A sense of urgency tends to cause us to rush into making decisions that we wouldn’t usually make. The IRS scam is a great example of this. In such a scam, a con artist poses as an IRS representative and reports that, if the intended victim doesn’t immediately provide payment information for back taxes owed, a warrant will be issued for the person’s arrest. Who among us wouldn’t want to avoid this negative consequence? Unfortunately, targets of this scam often comply with the request, sending precious confidential information to criminals. 

The tendency to act too quickly to avoid missing out on something scarce. If we believe there isn’t enough of something good to go around, we humans often take ill-considered actions because we fear we’ll miss out on something we want. To exploit this trait, a criminal might send phishing emails purporting to come from Apple and claiming that, because of huge demand, only a limited number of the latest iPhone models are available for purchase: “You might be able to get one—but you have to act fast!” In reality, clicking on the link could install malware on your computer or lead you to a legitimate-looking website that asks for your personal information to order the phone. Provide that information and the hacker will have it—personal details, perhaps even your credit card number and its expiration date. 

The tendency to let down our guard because of a stranger’s likeable persona. Some scammers put on a very friendly act to make us feel comfortable dealing with them, so that we’re more likely to let our defenses down. For example, a cybercriminal could pose as a computer technician, stop by your workplace, and strike up a pleasant conversation with the receptionist. Before you know it, the technician has been given access to an office computer, ostensibly to do routine maintenance, but is really stealing whatever sensitive data is available online.

The tendency to trust and help those who need something. Social engineers sometimes try to exploit a sense of trust in others, causing potential victims to feel guilty enough to provide the scammers with what they need. These crimes usually result in bigger, immediate payoffs. For example, a scammer could email you posing as a friend traveling overseas who has been mugged and needs money to return to the U.S. In a situation like that, you might trust that the sender is your actual friend, feel guilty if you don’t lend a hand, and wire the money without verifying the sender’s identity.

Remain Alert 

Because our trusting nature often prevails over common sense, we need to stay vigilant. Here are several tips for spotting and dealing with attackers who use social engineering:

• Be extra wary of any email or phone call that comes with a heightened sense of urgency and that claims to require an immediate response. 

• If you get an unsolicited message or call purporting to come from a familiar organization and asking for personal information, hang up and either call the entity at a number you know is legitimate or type the organization’s URL directly into your browser and log in from there. 

• Always verify the source of a phone call or message before fulfilling a request, clicking on a link, or downloading an attachment. 

• If someone calls claiming to be from Microsoft or another tech company and requests access to your computer to fix a supposed problem, don’t fall for it. This is almost always a scam! If an individual arrives at your office with such a claim, ask for identification or verify his or her identity by calling the company for which the person supposedly works. 

If you have any questions about the information shared here, please feel free to contact me by email or phone.

Marianna Goldenberg, CDFA 

CURO Wealth Management 

1705 Newtown-Langhorne Road | Suite 1 | Langhorne, PA 19047 

215.486.8350 | 267.394.7053 fax | www.curowm.com | marianna@curowm.com 

Securities and advisory services offered through Commonwealth Financial Network®, Member FINRA/SIPC, a Registered Investment Adviser. Fixed insurance products and services are separate from and not offered through Commonwealth Financial Network®.

© 2022 Commonwealth Financial Network®