“Social engineering” combines technology, our willingness to trust and deception to scam us out of money and sensitive data.
Cyber crime relies on increasingly sophisticated versions of malware, hacking methods, botnets and other technologies. But it also exploits less technically sophisticated tactics that pre-dated the internet by decades. Trickery, coercion and the human tendency to trust have always been among the most effective tools in crime, and cyber criminals know how to use them.
Online confidence scams often depend on what is known as “social engineering.” Exploiting human fallibility and technology, the criminal coerces the targeted individual to act in a way that results in theft of money or information. These scams may also leverage a threat to make stolen, sensitive information public.
Using public data harvested from social media sites, professional profiles, blogs, websites or local news reports — often over weeks or even months — cyber criminals can gain a nuanced understanding of users and often their families as well.
The criminals can use this information to methodically build a relationship with a person and gain their trust. Once trust is established, the criminals can make a simple request for the target to click a link, send money or share personal information. They also may perpetrate a scam through a fake message that appears to come from a trusted acquaintance.
Social engineering efforts are often deployed against a business’s employees, but anyone with an online identity can draw the attention of a cyber criminal. Financial loss and manipulation, however, are not inevitable. People who verify any requests for money or personal information can avoid falling for most online scams. Thinking twice about the details you share online can also reduce the risk of becoming a target of this type of methodical crime.
Social engineering is effective because many people are not careful to monitor the amount of personal information they commit to the internet. Social media sites and forums, for instance, usually have privacy controls that allow users to restrict the amount of personal information that can be seen in public. But many users do not apply these filters and allow all the information they post to remain in public view.
The most meticulous cyber criminals may put as much time into building a persona of their own. Once they reach out — as a fellow alumnus, school parent or sports enthusiast, to name just a few examples — they may be able to anticipate a person’s reactions with a high degree of accuracy, making it easier to act and respond in ways that establish trust.
Scams can take many forms. While during the holidays requests for gifts or charitable contributions are common, regardless of the season, criminals may send email links that contain malware that gives them access to people’s devices, personal accounts or data. Some may demand ransoms to release the device or stolen information.
Ending online communication and trusting no one at all is not a practical strategy. Fortunately, it isn’t necessary. It’s possible to enjoy the convenience and connection of life online by observing some essential precautions:
Think before you post. A social media post doesn’t need to include a checking account or Social Security number to compromise you. Before you share details about your home and loved ones, consider whether it’s really necessary.
Review the privacy settings. Make sure that any online account through which you share personal information does not allow unrestricted public access.
Monitor your accounts. Watch for any suspicious activity and close those that are no longer active. Make sure to also monitor the accounts of any dependents.
Verify any request for payment or personal information. Even if a request seems to come from someone you know, contact that person through another channel to ensure the request has not been made by an impersonator.
Then we can provide you with relevant answers.Get started