Social Engineering Scams 101
Companies and governments spend billions of dollars each year preparing secure infrastructure, establishing policies, establishing cyber defenses, and much more – all to prevent a single data breach or cyber attack that could cost them millions in stolen information and ransom costs.
But what’s the biggest vulnerability cyber criminals are able to exploit?
Criminals are always looking for new ways to psychologically manipulate you for their financial gain. They do this through social engineering, one of the most effective cybercrime methods.
Social engineering is when a hacker coerces or manipulates someone into divulging protected information, rather than trying to hack into systems. Some examples include:
- Phishing & whaling
- Physical breaches & tailgating
Learn more about these social engineering scams by downloading the infographic below.
No matter the specific type of attack, social engineering relies on heightened emotions like fear, anger, curiosity, and excitement.
Scammers also use confidence and subtle clues to encourage victim(s) to take the action the scammers want. Let’s look at an example:
Jennifer receives an angry email from the Vice President of her department. He references a mistake she made and says it needs to be resolved immediately, so he’s no longer inconvenienced and she can keep her job. He tells her to transfer funds immediately.
This phishing attempt relies heavily on fear and urgency to manipulate Jennifer into thinking she has to transfer those funds immediately or her job may be impacted. Her perfectly natural human fear will prevent her from seeing the possible red flags or asking the right questions, like…
- Is this email address spelled correctly and coming from my company’s domain?
- Is this money transfer request in line with company policy on financial transfers?
- Do I remember making this mistake and would it impact him like this?
- Is it typical for him to react this way? Would he really threaten my job over this?
Other social engineering scams might be more physical, like following someone into a building or looking at their computer over their shoulder. Simple acts like these allow observant criminals access to passwords, offices, and information they otherwise wouldn’t have.
So how do you stop being a vulnerability? Block cyber crime easily with these 6 tips:
- Question anything unusual, even urgent requests from important people.
- Don’t click on links in emails or download attachments unless you’re familiar with the sender and content.
- Always follow cybersecurity policies, even if they’re inconvenient.
- Be vigilant about your physical security: don’t let strangers into secure areas and don’t access secured websites in public spaces.
- Don’t share passwords or security question answers, even in passing.
- Maintain up-to-date cybersecurity software and training.
With these tips, you’ll know when to spot a social engineering attempt and be able to warn others. Don’t be a victim! Learn more about the kinds of social engineering scams by downloading the TCecure Social Engineering Scams infographic! Simply enter your email below and we’ll send it right over.