Woman looking at phone
06/26/20

Avoiding Social Engineering and the Psychological Con Artist

In a lot of ways, identity theft and fraud are very impersonal attacks; fraudsters hack into databases to find and steal information which can happen to include yours. Yet, there is a much more personal and malicious way that these criminals can access your information: you. Many of them use the social engineering method to do their damage.

Social engineering is a psychological tactic that was said to be used in 33% of data breaches in 20181. This happens when fraudsters pose as trustworthy sources and manipulate you into feeling comfortable enough to give up pertinent information. 

Social Engineering: A Breakdown

A social engineer has the know-how when it comes to masking their true identity and being deceitful about who they are. They not only can pose as people you already trust but can also manipulate you into believing they have enough credibility for you to trust them with sensitive information. There are multiple ways they can do this. 

In one scenario, the manipulative mechanic will hack into the account of someone within your social or work circle, and use their contact list, with you included in it, to send out an email with attachments, documents, or links with malware2. The email will look like it is coming from someone you trust but can result in you becoming hacked. 

Or, these criminals might send out an email that looks like an official email from a legitimate company. These phishing emails can look official, the images can look right, and can be sent from email addresses that look real and will almost always contain a link. Once clicked on, then, boom. Hacked.

An attacker could pose as a family member in need of help and may even go as far as to ask you to wire money, give them bank account or other information that they could then steal and use for their own personal gain.  These kinds of social criminals can even pose as a technical support employee for a company in which they know you have interacted with and hoodwink you into giving up information that they say they need in order to help solve your issue2.

When it comes to social media, it is really easy to overshare your personal information. These criminals will use your information found on social media platforms to build trust in hopes you will take their malicious bait. There are ways for you to protect yourself so that a cyber-criminal can’t use your information to sink in their hooks. 

Not only is it important to know what they may look like, but it is equally as important to know how to mitigate attacks. Though this all may seem scary, there are many tips and tricks to help you maneuver around these crooks. 

What Can You Do? 

  •  Slow down and think about things. These fraudsters will use stories and ploys to try and incite emotions that trigger you to act fast now and be skeptical later, sometimes when it is too late3
  •  Unsure of the legitimacy of an email? Contact the source. If a hacker has gotten ahold of a co-worker’s or friend’s email, they may even have the capability of answering your question of legitimacy. If it makes sense to do so, calling them over the phone and asking about the email in question can be the safest option. Contacting a company about an email that was sent is always a great option to keep the unsafe malware away.
  •  Be cautious of any downloads and links. If you are not expecting files or information including links from the sender or do not know the sender personally, do not download or open before doing your research and gaining clarification on the legitimacy. 
  •  If a question that you have not asked is answered, stay away. Many social engineers will contact you with an answer to a question that you have not asked or provide unsolicited help. Legitimate companies and organizations will not contact you without your contacting them first. 
  •  Maximize security. Using firewalls, anti-virus software, and making sure your operating system is always up to date can be mitigating factors. Check out our previous blog “Your Home Can Be Your Work’s Biggest Threat” for more information about the importance of computer security.
  •  Be mindful of your online public identity. Make sure to be aware of the amount of personal and identifying information that is posted on online platforms. Using services such as IDSeal to alert you whenever your personal information is associated with new and suspicious accounts can not only save you from experiencing fraud, but others as well. 

Experiencing identity theft and fraud is scary as it is, and can be even more overwhelming when there is a more manipulative and personal element involved. Thankfully IDSeal can help prevent identity theft, fraud, and can help prevent social engineers from following through with their plans and malicious actions. We will notify you when you are oversharing on social media with our social media monitoring features to lessen the chance of someone using your information. If your identity becomes compromised, IDSeal will send you a notification, allowing you to take control and reduce the chances of identity theft and fraud.  

  1. Social Engineering, https://www.imperva.com
  2. Social Engineering attacks: A look at social engineering examples (2020, April 20) https://www.thesslstore.com
Avoiding Social Engineering and the Psychological Con Artist
06/26/20

Avoiding Social Engineering and the Psychological Con Artist

In a lot of ways, identity theft and fraud are very impersonal attacks; fraudsters hack into databases to find and steal information which can happen to include yours. Yet, there is a much more personal and malicious way that these criminals can access your information: you. Many of them use the social engineering method to do their damage.

Social engineering is a psychological tactic that was said to be used in 33% of data breaches in 20181. This happens when fraudsters pose as trustworthy sources and manipulate you into feeling comfortable enough to give up pertinent information. 

Social Engineering: A Breakdown

A social engineer has the know-how when it comes to masking their true identity and being deceitful about who they are. They not only can pose as people you already trust but can also manipulate you into believing they have enough credibility for you to trust them with sensitive information. There are multiple ways they can do this. 

In one scenario, the manipulative mechanic will hack into the account of someone within your social or work circle, and use their contact list, with you included in it, to send out an email with attachments, documents, or links with malware2. The email will look like it is coming from someone you trust but can result in you becoming hacked. 

Or, these criminals might send out an email that looks like an official email from a legitimate company. These phishing emails can look official, the images can look right, and can be sent from email addresses that look real and will almost always contain a link. Once clicked on, then, boom. Hacked.

An attacker could pose as a family member in need of help and may even go as far as to ask you to wire money, give them bank account or other information that they could then steal and use for their own personal gain.  These kinds of social criminals can even pose as a technical support employee for a company in which they know you have interacted with and hoodwink you into giving up information that they say they need in order to help solve your issue2.

When it comes to social media, it is really easy to overshare your personal information. These criminals will use your information found on social media platforms to build trust in hopes you will take their malicious bait. There are ways for you to protect yourself so that a cyber-criminal can’t use your information to sink in their hooks. 

Not only is it important to know what they may look like, but it is equally as important to know how to mitigate attacks. Though this all may seem scary, there are many tips and tricks to help you maneuver around these crooks. 

What Can You Do? 

  •  Slow down and think about things. These fraudsters will use stories and ploys to try and incite emotions that trigger you to act fast now and be skeptical later, sometimes when it is too late3
  •  Unsure of the legitimacy of an email? Contact the source. If a hacker has gotten ahold of a co-worker’s or friend’s email, they may even have the capability of answering your question of legitimacy. If it makes sense to do so, calling them over the phone and asking about the email in question can be the safest option. Contacting a company about an email that was sent is always a great option to keep the unsafe malware away.
  •  Be cautious of any downloads and links. If you are not expecting files or information including links from the sender or do not know the sender personally, do not download or open before doing your research and gaining clarification on the legitimacy. 
  •  If a question that you have not asked is answered, stay away. Many social engineers will contact you with an answer to a question that you have not asked or provide unsolicited help. Legitimate companies and organizations will not contact you without your contacting them first. 
  •  Maximize security. Using firewalls, anti-virus software, and making sure your operating system is always up to date can be mitigating factors. Check out our previous blog “Your Home Can Be Your Work’s Biggest Threat” for more information about the importance of computer security.
  •  Be mindful of your online public identity. Make sure to be aware of the amount of personal and identifying information that is posted on online platforms. Using services such as IDSeal to alert you whenever your personal information is associated with new and suspicious accounts can not only save you from experiencing fraud, but others as well. 

Experiencing identity theft and fraud is scary as it is, and can be even more overwhelming when there is a more manipulative and personal element involved. Thankfully IDSeal can help prevent identity theft, fraud, and can help prevent social engineers from following through with their plans and malicious actions. We will notify you when you are oversharing on social media with our social media monitoring features to lessen the chance of someone using your information. If your identity becomes compromised, IDSeal will send you a notification, allowing you to take control and reduce the chances of identity theft and fraud.  

  1. Social Engineering, https://www.imperva.com
  2. Social Engineering attacks: A look at social engineering examples (2020, April 20) https://www.thesslstore.com
Recent Posts
Archives
Start protecting your identity today! Signing up is quick & easy
Remember, 1-in-4 Americans are the victim of identity theft. It's not a matter of if you'll become a victim. It's when...

1It is not possible to prevent all identity theft or cybercrime, or to effectively monitor all activity on the internet. IDSeal cannot and does not guarantee complete protection against cybercrime or identity theft. IDSeal does not monitor the activities of all financial institutions, or all activities of any particular financial institution. Review the IDSeal Terms and Conditions for specific details regarding IDSeal services.

2The Identity Theft Insurance is underwritten and administered by American Bankers Insurance Company of Florida, an Assurant company under group or blanket policy(ies). The description provided in the Summary of Benefits is a summary and intended for informational purposes only and does not include all terms, conditions and exclusions of the policies described. Please refer to the actual policies for terms, conditions, and exclusions of coverage. Coverage may not be available in all jurisdictions. Review the Summary of Benefits.

3Recurring pricing shown excludes applicable sales tax. By enrolling as an IDSeal member under any plan, you authorize IDSeal to charge your payment method (credit/debit card) on a recurring basis for the fees associated with your membership plan. Review the IDSeal Terms and Conditions for important information regarding your membership, including your membership term, and your right to cancel; and review the IDSeal Privacy Policy for information regarding how IDSeal collects and processes your information.

4The credit scores provided are VantageScore 3.0 credit scores based on data from Equifax®, Experian® and TransUnion®. Any one bureau VantageScore mentioned is based on Experian data only. Please see the IDSeal Terms and Conditions for more information on credit scores.

5IDSeal Pro-Tec provides tools and resources to protect your data and identity, but no one can prevent all cybercrime or identity theft. Your own efforts are important to prevent unauthorized access to your personal information.

Terms and Conditions | Privacy Policy | Terms of Use | Accessibility Statement | Upgrade