What is a Social Engineering Attack? Techniques & Prevention Tips

social engineering scam
By Ben Hartwig
18 December, 2019

Social engineering attacks are a new approach to stealing a person’s sensitive information or gaining access to a company’s accounts. These attempts, which are often similar to phishing, specifically disarm the recipient by disguising a malicious email or text message to make it look like it’s from a friend or coworker.

By appealing directly to the human impulse to help someone or to follow up on an obligation, these scams bet that people who are approached or who receive the messages will act before thinking through the possibilities or considering that the message could be a ruse. The same happens when a person receives a message appearing to be from his boss – the first impulse is to complete the task requested, whether it’s providing company figures, account information, or customer data. Unfortunately this is a successful tactic of many scams as social engineering hacks.

People are less likely to look carefully at an email or text when they believe it’s from a trusted friend or coworker. The links or messages contained in the email however may unleash malware that then infects the recipient’s computer or may lead the recipient to a spoofed website that seeks the person’s bank account information, social security number, or other access to valuable information.

Once in a person’s computer, malware may then use the owner’s address book to send another set of email messages to more people in order to infect more computers.

social engineering scam

Beware of unexpected messages that urge quick action or those with the following subject lines:

  • you’re a winner
  • donate to my favorite charity
  • your request for information
  • confirm your details
  • your computer’s security report/status
  • verify your account

Sophisticated phishing scams often go to great lengths to mimic legitimate business websites, including banks, clubs, and even your employer’s. Look closely at the website URL for the link, as the scammers often misspell the company name by one letter or register the website under an unusual web extension such as .biz rather than .com.

Types of social engineering scams

  • Phishing Scams– the scammer sends many emails seeking quick action on a sensitive issue, which allows him access to the victim’s computer in order to infect it with malicious software;
  • Watering Hole Scams– this is a sophisticated attack most often used by government-sponsored scammers in which they gain access to a website and wait until a particular day or event before hatching their plan to exploit weaknesses and potentially attack others associated with it;
  • Whaling Scams– this approach targets high-level executives, often by spoofing the email or websites of colleagues or associates;
  • Vishing Scams – voice recordings of employees gaining access to sensitive customer accounts and files may be made in order to defeat security systems;
  • Pretexting Scams– a hacker who takes time to build trust with his target before launching an attack is deploying a pretexting scam;
  • Fake IT guy – in this brazen sort of attack an individual may present himself at the target company headquarters, pretending to be a technician, and get access to the company’s systems;
  • Reverse social engineering Scams – in this scam an individual may gain access to a target’s databases and do just enough damage to be noticed, then swoop in and offer to help repair the damage when in fact he/she plans to exploit the existing damage and scoop out reams of data;
  • Social media phishing Scams– these are the quizzes that your friends fill out on Facebook and Instagram that allow the maker access to your personal information;
  • Professional social media phishing Scams – a person posing as a job recruiter may send a link to a great opportunity via direct message on LinkedIn,  but when the application is completed the job is nonexistent and the scammer has all of your personal data;
  • Baiting Scams– dangling a tempting offer, such as malware disguised as free software or an upgrade is often called baiting; scammers may also drop USB drives infected with malware around the corporation they seek to target and wait for someone to pick one up and use it, unknowingly introducing malware into the computer system.

email scam

Important things to remember

Even if an email or text request is from someone you know well, slow down and look closely when sensitive account information of any sort is requested this way. Banks never ask for PIN numbers in an email, nor should you ever have to “verify” such an account.

Examples of social engineering

All sorts of companies are vulnerable to social engineering. In a rare breach of data at the consumer reporting agency Experian, a Vietnamese man posed as a private investigator to get access to data and exploited the breach to gain access to thousands of files. The man was actually in the business of stealing identities.

divorce

5 Ways to Find Out If Someone Is Divorced

Per the Freedom of Information Act, marriage and divorce records are both considered public records…
17 January, 2020 Dating & Relationships

How To Find Someone’s Birthday

There are times when you want to surprise someone on their birthday, but realize that…
30 December, 2019 Privacy
facebook people search

How Does Facebook People Search Work?

Social media platforms are great for finding long lost friends or family in far-flung places,…
26 December, 2019 Cyber Security Privacy
record expungement

Things You Should Know About Record Expungement

Having a criminal record can cripple a person’s chances for many opportunities in life. Along…
23 December, 2019 Crime
social engineering scam

What is a Social Engineering Attack? Techniques & Prevention Tips

Social engineering attacks are a new approach to stealing a person’s sensitive information or gaining…
18 December, 2019 Crime Cyber Security Safety
social engineering scam

How to Lookup Someone’s Dating Profile and Why You Should Do It

Online dating has become the new normal for people who want to be in a…
27 November, 2019 Dating & Relationships Privacy
young family

Best Places for Young Families to Live a Good and Balanced Life

Living the good life in that perfect little corner of the U.S. is a dream…
21 November, 2019 Safety
Michigan

7 Most Dangerous Cities in Michigan

Michigan is one of the largest and most populated states in America. Located in the…
25 October, 2019 Crime
us mass shootings

Mass Shootings in the United States

Mass Shootings Statistics and Timeline Unpredictable mass shootings rock the United States with sporadic frequency.…
24 October, 2019 Crime Safety

10 States with “No Candy” Laws for Halloween

Social engineering attacks are a new approach to stealing a person’s sensitive information or gaining…
06 October, 2018 Law Enforcement
best apps for cheating spouse

7 Apps to Use for Cheating Spouses

Social engineering attacks are a new approach to stealing a person’s sensitive information or gaining…
01 February, 2019 Dating & Relationships
background checks details

Does Infotracer Notify the Person You Ran a Background Check On?

Social engineering attacks are a new approach to stealing a person’s sensitive information or gaining…
10 December, 2018 Safety

What are the 5 Biggest Online Scams?

Social engineering attacks are a new approach to stealing a person’s sensitive information or gaining…
13 August, 2018 Cyber Security

Online E-Card Scam: When Good Wishes Deliver Troubles

Social engineering attacks are a new approach to stealing a person’s sensitive information or gaining…
11 October, 2018 Cyber Security
texting while driving

Who’s More Likely to Text and Drive – Teenagers or Their Parents?

Social engineering attacks are a new approach to stealing a person’s sensitive information or gaining…
27 June, 2019 Safety

5 Things You Should Know Before Exploring the “Dark Web”

Social engineering attacks are a new approach to stealing a person’s sensitive information or gaining…
27 August, 2018 Cyber Security

Best and Worst States for DMV

Social engineering attacks are a new approach to stealing a person’s sensitive information or gaining…
15 May, 2019 Safety

Privacy Controls: Part 1: Facebook: Must Do Changes To Secure Your FB Account

Social engineering attacks are a new approach to stealing a person’s sensitive information or gaining…
13 August, 2018 Privacy