Avoiding Social Engineering and the Psychological Con Artist
In a lot of ways, identity theft and fraud are very impersonal attacks; fraudsters hack into databases to find and steal information which can happen to include yours. Yet, there is a much more personal and malicious way that these criminals can access your information: you. Many of them use the social engineering method to do their damage.
Social engineering is a psychological tactic that was said to be used in 33% of data breaches in 20181. This happens when fraudsters pose as trustworthy sources and manipulate you into feeling comfortable enough to give up pertinent information.
Social Engineering: A Breakdown
A social engineer has the know-how when it comes to masking their true identity and being deceitful about who they are. They not only can pose as people you already trust but can also manipulate you into believing they have enough credibility for you to trust them with sensitive information. There are multiple ways they can do this.
In one scenario, the manipulative mechanic will hack into the account of someone within your social or work circle, and use their contact list, with you included in it, to send out an email with attachments, documents, or links with malware2. The email will look like it is coming from someone you trust but can result in you becoming hacked.
Or, these criminals might send out an email that looks like an official email from a legitimate company. These phishing emails can look official, the images can look right, and can be sent from email addresses that look real and will almost always contain a link. Once clicked on, then, boom. Hacked.
An attacker could pose as a family member in need of help and may even go as far as to ask you to wire money, give them bank account or other information that they could then steal and use for their own personal gain. These kinds of social criminals can even pose as a technical support employee for a company in which they know you have interacted with and hoodwink you into giving up information that they say they need in order to help solve your issue2.
When it comes to social media, it is really easy to overshare your personal information. These criminals will use your information found on social media platforms to build trust in hopes you will take their malicious bait. There are ways for you to protect yourself so that a cyber-criminal can’t use your information to sink in their hooks.
Not only is it important to know what they may look like, but it is equally as important to know how to mitigate attacks. Though this all may seem scary, there are many tips and tricks to help you maneuver around these crooks.
What Can You Do?
- Slow down and think about things. These fraudsters will use stories and ploys to try and incite emotions that trigger you to act fast now and be skeptical later, sometimes when it is too late3.
- Unsure of the legitimacy of an email? Contact the source. If a hacker has gotten ahold of a co-worker’s or friend’s email, they may even have the capability of answering your question of legitimacy. If it makes sense to do so, calling them over the phone and asking about the email in question can be the safest option. Contacting a company about an email that was sent is always a great option to keep the unsafe malware away.
- Be cautious of any downloads and links. If you are not expecting files or information including links from the sender or do not know the sender personally, do not download or open before doing your research and gaining clarification on the legitimacy.
- If a question that you have not asked is answered, stay away. Many social engineers will contact you with an answer to a question that you have not asked or provide unsolicited help. Legitimate companies and organizations will not contact you without your contacting them first.
- Maximize security. Using firewalls, anti-virus software, and making sure your operating system is always up to date can be mitigating factors. Check out our previous blog “Your Home Can Be Your Work’s Biggest Threat” for more information about the importance of computer security.
- Be mindful of your online public identity. Make sure to be aware of the amount of personal and identifying information that is posted on online platforms. Using services such as IDSeal to alert you whenever your personal information is associated with new and suspicious accounts can not only save you from experiencing fraud, but others as well.
Experiencing identity theft and fraud is scary as it is, and can be even more overwhelming when there is a more manipulative and personal element involved. Thankfully IDSeal can help prevent identity theft, fraud, and can help prevent social engineers from following through with their plans and malicious actions. We will notify you when you are oversharing on social media with our social media monitoring features to lessen the chance of someone using your information. If your identity becomes compromised, IDSeal will send you a notification, allowing you to take control and reduce the chances of identity theft and fraud.
- Social Engineering, https://www.imperva.com
- Social Engineering attacks: A look at social engineering examples (2020, April 20) https://www.thesslstore.com