Teach Yourself to Beat Social Engineering Crooks

Another great article from Scambusters(.org).

Behind every scam, there’s a piece of social engineering — the technique and tactics that con artists use to convince people to give information away or behave out of the ordinary.

They develop, or engineer, tricks that are calculated to deceive.

If it weren’t so evil (at least in this context), you could call social engineering a science. That’s because being a good social engineer involves understanding what makes people tick. Social engineers know how to put pressure on you, spin a convincing hard-luck story or strike fear in your heart. Pressure, trust, and fear are the scammers’ frontline weapons.

When they succeed, they can get you to do whatever they want.

“Criminals use social engineering tactics because it is usually easier to exploit your natural inclination to trust than it is to discover ways to hack your software,” says Internet security firm Webroot.

“The types of information these criminals are seeking can vary, but when individuals are targeted, the criminals are usually trying to trick you into giving them your passwords or bank information, or access your computer to secretly install malicious software that will give them access to your passwords and bank information as well as control over your computer.”

Reverse Engineer?

If you want to beat them at their own game, you’ve got to be constantly on the alert. In a way, you have to “reverse engineer” the scammers’ tactics. You have to know and deal with what makes you potentially vulnerable.

If you’re too trusting or gullible, you have to recognize this and adopt an attitude of skepticism about all that you see and hear.

If you give way to pressure easily, you must set a personal rule for yourself to disconnect from whoever is pressuring you so you have time to review what’s happening.

And if you’re the type who is easily scared by intimidation, you need to call on friends or family for support to help steer you past the threats.

The non-profit Center for Cyber Safety and Education says we all need to do more to counter the scammers’ techniques, by following four key actions:

  1. Make it your starting point to question the intentions of anyone asking you for money or information. Seek and check proof of identity.
  2. Be on your guard when you get a call from anyone you don’t know. You have no way of being sure who they are, even if their voice sounds familiar.
  3. Think before acting. Tell yourself to slow down in a situation where you’re being asked for money or information. Ask someone else for their opinion on what you’re being asked.
  4. Play your part in educating others about the risks. Tell your kids!

Look out, too, says the center, for red flags such as being asked to pay with gift cards or by money wire, or being told not to discuss your activities with anyone else.

Phishing — tricking people into giving away information that can be used for identity theft — is the most rampant form of social engineering. It comes in all shapes and sizes, from simple fake emails and websites to injecting fraudulent links, usually as ads, into search engines like Google.

If you want to learn more about phishing, check out this detailed exploration from the Webroot security site (you may have to provide an email address before you download the PDF): https://tinyurl.com/Scambusters-210620

Webroot also offers the following tips to stall a social engineering attack:

  • Think first, act later — not the other way around.
  • Get the facts. Thoroughly research any request for money or information.
  • Don’t let a link (e.g. in an email, on a website, or in a text message) control where you land. Find the site you’re interested in by yourself, not via a link.

In fact, here at Scambusters we recommend using “don’t click” as your default policy with links, unexpected attachments, and downloads — allowing few if any exceptions.

  • Foreign offers to buy or sell, or to inform you of winnings or inheritances, are fakes. It’s a sweeping statement but nearly always true.
  • Hit “delete” when you get messages asking for confidential information. Legitimate organizations simply don’t make these requests.
  • Use spam filters on email and set them to “high.”
  • Be suspicious… if you get an email offering help you didn’t ask for or seeming to answer a question you never asked.

Sadly, social engineering is here to stay. But being aware of it and knowing how to counter it is a powerful starting point for beating the crooks. The more you learn, the less likely you are to get scammed.