Cybercriminals use social engineering every day to try to steal people’s personal information. Social engineering preys on the human condition to gain trust, manipulate people, and get them to give up personal information. In general, there are three ways that cybercriminals use social engineering to steal your info.
Phishing email is one of the most prominent ways that information gets stolen. This side of social engineering has been around nearly as long as email has. Anyone with an email account has seen at least one of the many phishing scams that come from cybercriminals. Perhaps a Nigerian Prince would like to wire you a ton of money because his inheritance is locked up in the bank for some reason. All you need to do is pay a few fees to receive the money, and you get to keep a portion of his millions. Legitimate, right? Or maybe the bank needs you to confirm your account number and social security number because of an “account breach.” Why not? The bank is a legitimate business, so it must be a valid offer. The email looks very real. Or perhaps you’ll get something like, “Hi friend, wouldn’t you love to be a secret shopper?” Or you’ll receive a check for $1000, cash it, and perform a job. Innocent enough, right? Not until after you wire initial fees and attempt to cash a bad check. These are just some of the ways social engineers prey on unsuspecting and trusting people. If sending money or willingly giving up information isn’t involved, malware may be attached to the email. The links in the email will deploy malware to infect your computer files and obtain information about you. It’s alarming how prevalent these scams are.
Posing as Someone You Know
Another email scam involves cybercriminals posing as someone in your company, usually the CEO or someone high up in the financial department. They send an email that looks like it’s from your boss asking you to send money right away or process a PO immediately. Usually, something about the email address will not seem right if you’re paying attention. Letters are swapped or changed, or a .net becomes a .com at the end of the email address. As soon as you open it or click on a link, malware infects your computer. This scam is usually highly effective because it gets sent to everyone in the company, and people often take it as valid because it came from the “boss.”
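The address check described above can be automated on the receiving side. The following Python sketch is an added example, not something from the original article: it compares a sender's domain against a list of trusted domains and flags swapped or changed letters and a changed ending. The domain `example-corp.net`, the sample addresses, and the function names are constructed for illustration.

```python
from email.utils import parseaddr

# Constructed for illustration: the domain(s) your real colleagues send from.
TRUSTED_DOMAINS = {"example-corp.net"}

def osa_distance(a, b):
    """Edit distance where insert, delete, substitute and swapping two
    adjacent letters each count as one edit (optimal string alignment)."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            # Adjacent transposition, e.g. "exmaple" vs "example".
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]

def classify_sender(from_header, trusted=TRUSTED_DOMAINS, max_edits=2):
    """Return (verdict, detail) for a From: header value.
    Verdicts: trusted, lookalike-tld, lookalike-typo, unknown."""
    # parseaddr strips any display name such as "The Boss <...>".
    address = parseaddr(from_header)[1]
    domain = address.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    if domain in trusted:
        return ("trusted", domain)
    # Split on the last dot only; multi-part endings like co.uk are not handled.
    name, _, tld = domain.rpartition(".")
    for good in sorted(trusted):
        good_name, _, good_tld = good.rpartition(".")
        if name == good_name and tld != good_tld:
            return ("lookalike-tld", good)      # .net became .com
        if 0 < osa_distance(domain, good) <= max_edits:
            return ("lookalike-typo", good)     # letters swapped or changed
    return ("unknown", domain)

if __name__ == "__main__":
    for sample in ("The Boss <boss@example-corp.net>",   # genuine
                   "The Boss <boss@example-corp.com>",   # ending changed
                   "The Boss <boss@exmaple-corp.net>",   # letters swapped
                   "newsletter@partner.org"):            # unrelated sender
        print(sample, "->", classify_sender(sample))
```

A "lookalike" verdict is a reason to confirm the request through another channel before acting on it; an "unknown" verdict only means the domain does not resemble a trusted one.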
The most obvious way to pose as someone you know is through copycat Facebook profiles. Cybercriminals use this scam to trick people into thinking they have received a friend request from someone they know. The profile will often contain photos from the original person’s profile to make it look valid. As unsuspecting friends add this profile, it will appear legitimate because of similar friends and associates. Then, you’ll be asked for money or sent links containing malware to infect your computer. The hacker may even corrupt your Facebook profile after gaining access to personal information.
Finally, a newer way for cybercriminals to target people is through advertisements. Considering ads are pretty much everywhere online, ransomware ads are incredibly easy to create and a bit difficult to spot among the hundreds of ads people see every day. For this type of social engineering, cybercriminals deploy ad campaigns showcasing a product or a service. When you click on the ad, it downloads malware or ransomware onto your computer. Most of these ads are for anti-virus software, or a pop-up will come on your computer saying your computer has been infected and instruct you to click the link to clean the virus. Tricky, tricky cybercriminals.
The key to spotting these three general social engineering styles is to become educated on them and keep an eye out for anything that seems off. If something seems strange or wrong, avoid it until you are sure it is safe. Try not to click on any links inside of emails unless you confirm and trust the sender. If someone ever asks you to click a link and update your account info, you can check it by typing in the web address rather than clicking the link. If you get a friend request from someone, look over their profile and ensure it’s real. Check out their friends, photos, and posts to ensure they aren’t fake. Check to see if you already have that friend on your list. Finally, don’t trust any anti-virus pop-ups or ads. As always, contact us if you have any questions.