Cyber criminals can devise various ways to get what they want from you. Manipulating people into carrying out certain actions or giving away confidential information is known as Social Engineering. And this is a rampant form of exploitation. Why? If you can get access to anything you want just by deceiving someone, why waste time creating a highly technical and sophisticated hack?
So, how exactly do cybercriminals execute social engineering tricks or lies?
- Advertisements and Emails– These usually grab attention with their subject lines or body text.
- Phishing – Cybercriminals pose as genuine entities (a renowned bank or finance institution etc.) in order to extract confidential information through emails.
- Hoaxes – Typically known as the 419 scam, hoaxes are something that cybercriminals use to extract money or sensitive details. In this case, a cybercriminal would hack into accounts and message the person’s friends claiming to be trapped in a foreign country with no money. Other tricks/lies might include a question that piques the user’s interest and then directs them to a fake login screen. Criminals may be looking for your account information in order to send spam or to pull off a 419 scam.
Some of the hoaxes also include cashing on a panic attack or a recent endemic or natural calamity. For example, fake Japan Tsunami posts that came up everywhere on Facebook and Twitter after the calamity. The goal is to cheat individuals into submitting donations for relief efforts. People who end up donating to these sites often find their credit card information and money stolen.
The classic ‘Your account has been deactivated or blocked’ or ‘You have won a lottery’ emails also fall into this category.
- Shoulder Surfing – Looking over someone’s shoulder and writing down Logins or ATM PINs.
- Tailgating– “Sneakers” use the ‘I’m late and in a hurry. Please let me in.’ phrase to create urgency and or physically follow someone into a restricted access area.
Businesses small and big or individuals, almost everyone is a target of these scams and social engineering tricks. Keep yourself updated and aware of such threats and risks. The best way to avoid online tomfoolery is to install a reputed security software that warns, detects, and blocks malicious sites or malware execution.