What Is Social Engineering? How Do Scammers Use It?
Scammers use social engineering to trick people into revealing information they normally wouldn’t share.
Guest post from Laura Harris
The term social engineering comes up in conversations about phishing ploys, romance scams, account takeovers, and myriad other schemes that exploit people and entrap them in fraud.
What is social engineering? The short answer: Manipulation. Social engineering is a common tactic used to trick people into revealing personal or business information or performing actions they normally wouldn’t. Social engineering exploits the natural human tendencies to be cooperative and to trust others.
Scammers want information such as your account numbers, social media passwords, government ID numbers, credit card details, and email credentials.
Social engineers are sneaky. They try to get what they want by gaining your trust. Social engineering uses psychological techniques to manipulate, trick, pressure, or otherwise control and exploit a person to gain access to critical information, many times financial details.
In business situations, social engineers target a company’s employees to get insider information or gain access to resources. They’re targeted solely because of their employer and leveraged as a gateway to valuable business resources.
Gaining Trust through Impersonation
Getting someone to trust you can be a slow process. However, scammers know that impersonating an authority, such as a government official or agency, can be a quick way to gain influence over someone. The misrepresentation takes advantage of the implicit trust (or fear) people have in authority figures.
A common scam involves a call or email from a fraudster posing as an IRS agent. The “agent” claims that avoiding further fees, arrest, or even imprisonment requires the target to make an immediate online payment or deposit cash in a designated crypto kiosk/Bitcoin ATM. The bad actor plays on fear, creates a sense of urgency, and applies pressure to accomplish a payment as soon as possible. Those unfamiliar with the scam, immigrants, and the elderly may be more susceptible to the impersonation.
Otherwise, trust must be gained carefully. Bad actors can be patient when stringing along their prey in pursuit of a potentially large payout. They will say anything and everything to make the target feel comfortable to lower suspicions or hesitations. People respond to kindness. Consistent kindness wins many over in the end.
Find Your Superhero Name
Scammers often use “malicious observance” to collect information. Many techniques use computers, mobile devices, and online presence, but social engineering can also take the form of dumpster diving, shoulder surfing, and eavesdropping. Fraudsters are always watching, always active, and always willing to take advantage of whatever they can.
Fluffy Main Street may tell scammers much more than you want them to know.
Social media can be a goldmine of information. And you’ve probably seen plenty of examples. Think of a seemingly innocuous social media post asking followers to create a character name by taking their first pet’s name and the street they grew up on. Consider how many people use pet names in their password habits. Or how many don’t realize their identity can be cross-referenced through their username and former address. A simple game can reveal valuable information to scammers.
Protect Yourself from Social Engineering
Many more social engineering techniques exist, and we’ll outline more in future posts. It’s important to realize that bad actors want to use your human need for connection and your trust against you. You have what they want, and they will find any way to get information or access.
We’re not telling you, “Do not trust people.” But we do want you to be careful. The best way to avoid getting scammed is to educate yourself, your friends, and your family about scams and the tactics scammers use.
Learn More about Scams
