Social engineering involves using manipulative techniques to elicit feelings of fear, uncertainty, pressure, sympathy and excitement in the hope that we will deviate from the ways we typically behave. Historically used in everything from political propaganda to advertising, it’s now found fertile ground on the Internet, where criminals use social engineering techniques to gain access to sensitive information or take advantage of us for financial gain. Here, we’ll explore six common scams these criminals typically use—and offer tips on how to avoid falling into their traps.
1. Impersonating an authority figure
People tend to comply with requests from those in authority. Knowing this, a hacker might, for example, pretend to be a law enforcement agent and send an e-mail that claims illegal content has been found on your computer. The hacker advises you to click on a link to obtain additional details. Because the identity of the sender and the look and content in the message appear to be legitimate, you click and malware is installed on your machine.
2. Using fear tactics
The age-old IRS scam is a great example of how scammers use urgency and fear tactics to trick people into taking ill-advised actions. A con artist poses as an IRS representative and reports that you owe back taxes. If you don’t immediately provide your bank account information you’ll be arrested. Fall for this scam and minutes later the criminal has full access to your savings.
3. Exploiting FOMO concerns
The rise of social media has created the phenomenon of FOMO—Fear of Missing Out on something trendy, scarce or culturally imperative. Criminals can exploit FOMO feelings by creating a false sense of urgency. For example, a phishing email may claim that, because of huge demand, only a limited number of the latest iPhone is available and that the recipient must click on a link now to reserve theirs. Like all such scams, clicking on the link might either install malware or lead to a phony web site designed to capture your personal and financial information.
4. Adopting an official persona
Many information-thieves leverage their professional appearance and engaging personalities to get past our natural defenses. This is particularly easy to do in a workplace with relaxed security protocols. A common example is a criminal disguising himself as an Information Technology professional who says he has an appointment to repair one or more computers. If he can charm his way past the front desk and into the CFO’s office he may be able to swipe confidential financial information in a matter of minutes.
5. Taking advantage of our willingness to help those in need
Facebook users who allow anyone to view their lists of friends often leave themselves open to this variation of the infamous "money wiring” scam. A common tactic is for the scammer to spoof the email address of a Facebook friend and send you an urgent message saying she is traveling overseas and has been mugged and needs you to wire money to her. Scammers might incorporate information taken from your friend’s Facebook posts to make the message seem legitimate. It’s only natural to want to help a friend in need, and too often victims wire the money before verifying the sender’s identity.
6. Manipulating our tendency to trust people we know
We’re far more likely to let our online guard down for messages that appear to be coming from people we know. One way scammers exploit this trust is by creating viruses that hack into users’ email accounts. The virus then automatically sends messages with subject lines such as “You’ve got see this” to everyone in the user’s contact list. Since the message comes from the hacked user’s real email address, it appears, at first glance, to be genuine. But the message usually has very little text and a link that, when clicked, installs the same virus (or something even worse) on the recipient’s computer or mobile device.
Tips for spotting and defending against attacks
Now that you understand some of the techniques social-engineering scammers use, let’s move on to some tips for spotting and dealing with these attackers:
- Be wary of any e-mail or phone call that comes with a heightened sense of urgency and that requires an immediate response.
- Never click on any suspiciously looking link in an email message that appears to come from a friend unless you specifically asked for such a link.
- If you get an unsolicited message or call requesting personal information from what appears to be a familiar organization, never fulfill the request on the phone or by clicking a link. Instead, verify the source by calling the entity from a legitimate phone number or by visiting its official web site and logging in from there.
- Never ever respond to any email request or text asking you to wire money. If a friend is truly in dire need of assistance, he or she will call you.
- If someone calls claiming to be from Microsoft or another tech company and requests access to your computer to fix a supposed problem, it is almost always a scam! If an individual arrives at your office with such a claim, ask for identification or verify his or her identity by calling the company for which the person supposedly works.
- Mark every suspicious message you receive as spam or junk mail and block the sender if you can.
- Change Facebook's privacy settings to make sure that your posts, photos and friends list can't be viewed by people who aren't your friends.
Because our trusting nature often prevails over our common sense, we need to stay vigilant. By understanding the human tendencies that scammers try to exploit—and the red flags that signal a potential scam—you will be well positioned to protect yourself from this growing threat.
Chris Gullotti is a financial advisor located at Canby Financial Advisors, 161 Worcester Road, Framingham, MA 01701. He offers securities and advisory services as an Investment Adviser Representative of Commonwealth Financial Network®, Member FINRA/SIPC, a Registered Investment Adviser. He can be reached at 508.598.1082 or at [email protected]
© 2018 Commonwealth Financial Network®