Social engineering tactics continue to evolve as a go-to tool in a fraudster’s toolbox. Recent social engineering attacks include a Twitter hack and a bitcoin scam, attacks resulting from dating app data breaches and fraudsters manipulating users from gaming data breaches. Social engineering tactics can be extremely harmful because of the amount of personal information people unwittingly divulge.
What Is It?
Social engineering is when a fraudster manipulates an individual into giving them information. The information could be personally identifiable information (PII) like Social Security numbers, account log-in information, financial details, or professional information like log-in credentials, corporate financial information, etc. Social engineering tactics are aimed at taking advantage of and manipulating someone through an emotional reaction. Terranova Security says some of the emotions used to manipulate people include fear, greed, curiosity, helpfulness and urgency. CSO Online defines social engineering as the art of exploiting human psychology rather than technical hacking techniques to gain access to buildings, systems or data.
How Does It Happen?
Social engineers could pose as a trusted company, vendor, a boss or coworker, friend or someone else the victim knows to convince the victim to turn over personal information. They could also pose as someone from a government agency – such as local law enforcement, the IRS or Social Security administration – to try and scare a victim into giving out information. Once the personal data is in the hands of a hacker, they can begin to exploit as much as possible with the given information.
How Could It Affect You?
Fraudsters who use social engineering techniques will use emails to directly collect data – that could have malicious links and attachments, or send the reader to their own website that looks legitimate, and even social media messages to steal personal information to commit identity theft. Depending on what information the hacker can collect, they could file for lines of credit in a victim’s name, file taxes or apply for other public benefits in the victim’s name, to name a few.
Steps to Take
- Be security aware. It is one of the best ways to avoid social engineering. Consumers need to be mindful that social engineering exists and understand the tactics that are used.
- Install antivirus software. Having the most updated versions of software applications will help minimize issues with viruses or malware that a fraudster may try to employ.
- Consider the source and trust your instincts. If someone receives a message that seems strange, don’t respond. Instead, reach out directly to the person or company from whom the message claimed to be to verify its validity.
- Businesses should train their employees about social engineering tactics. This can include training staff regarding the current techniques being used and regularly reviewing procedures to identify and report scams and malicious communication (along with adding new ones).
Social engineering will continue to grow and change as consumers become more aware of the various exploits. As the tactics evolve, the Identity Theft Resource Center (ITRC) will do its part to make sure businesses and consumers are educated about best practices to minimize the impacts. Anyone who has more questions regarding social engineering, or believes they have fallen victim to a social engineering scam, can call the ITRC toll-free at 888.400.5530 to speak with an expert advisor. They can also live-chat with an advisor on the ITRC’s website.
Read more of our latest news below