Navigating the Maze of Social Engineering

ATECHSO February 21, 2024

Decoding Cyber Deception

In general, there are three major ways that cyber-criminals use social engineering to steal your info. Cyber-criminals use social engineering every day in an attempt to hack into people’s personal information. Social engineering preys on the human condition to gain trust, manipulate people and get them to give out personal details.

Email

This is one of the most prominent ways to steal information. Social engineering has been around nearly as long as email has, and it’s guaranteed that anyone with an email account has seen at least one of the many phishing scams that come from cyber-criminals. Maybe the bank is confirming your account number and social security number because of an “account breach”. Why not? The bank is a legitimate business, and the email looks real. Better yet, wouldn’t you love to be a secret shopper? Receive a check for $1000, cash it, and perform a job. Innocent enough, right? You wire initial fees and then attempt to cash a bad check. These are just two examples of how social engineers prey on unsuspecting and trusting people. If it’s not sending money or giving information, then the email most likely contains malware to infect you and hack into your data. It’s amazing how many of these scams are in your email.

Cyber-criminals Posing as Someone You Know

Another form of social engineering is the email scam in which cyber-criminals pose as someone in your company, particularly the CEO or someone high up in the financial department. They send an email that looks like it’s from your boss asking you to do something quickly or process a PO immediately. Usually, something about the email address will be a bit off. Letters are swapped around, or a .net becomes a .com at the end of the address. When you open it or click on the link, malware infects your computer. This scam is highly effective because it’s sent to everyone in the company, and people often take it as important because it appears to come from the “boss”.
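The "bit off" sender address described above can be checked mechanically. The following Python code is an added example, not part of the original article; the trusted domain, the function names, and every sample address are constructed for illustration, and it goes one step beyond the two tricks named above by also flagging a single substituted character.

```python
# Added example: flag sender addresses whose domain imitates a trusted one.
# TRUSTED_DOMAINS is a constructed placeholder; use your organisation's domains.
TRUSTED_DOMAINS = {"example-corp.net"}


def _split(domain):
    """Split 'example-corp.net' into ('example-corp', 'net')."""
    name, _, tld = domain.rpartition(".")
    return name, tld


def _is_transposition(a, b):
    """True if b equals a with exactly one pair of adjacent characters swapped."""
    if len(a) != len(b) or a == b:
        return False
    diff = [i for i in range(len(a)) if a[i] != b[i]]
    return (len(diff) == 2 and diff[1] == diff[0] + 1
            and a[diff[0]] == b[diff[1]] and a[diff[1]] == b[diff[0]])


def _edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(address, trusted=TRUSTED_DOMAINS):
    """Return 'trusted', 'unknown', or a string naming the lookalike trick."""
    domain = address.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    if domain in trusted:
        return "trusted"
    name, tld = _split(domain)
    for good in trusted:
        good_name, good_tld = _split(good)
        if name == good_name and tld != good_tld:
            return f"lookalike: TLD swap of {good}"
        if _is_transposition(good, domain):
            return f"lookalike: swapped letters of {good}"
        if _edit_distance(good, domain) == 1:
            return f"lookalike: one character off {good}"
    return "unknown"
```

A "trusted" result only means the domain string matches; it does not prove the message was really sent from that domain, since the From address itself can be forged.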

The most obvious way to pose as someone you know is through copycat Facebook profiles. Cyber-criminals use this prominent scam to trick people into thinking they are receiving a friend request from someone they know. This false profile contains a few photos from the original person’s profile, so it looks more real. As unsuspecting friends add this profile, it begins to look more legitimate because of similar friends and associates. This copycat profile asks for money, sends links containing malware to infect your computer, or even corrupts your Facebook profile by gaining access to personal information.

Malvertisements

Finally, a newer way for cyber-criminals to target people is through advertisements. Considering ads are everywhere online now, this social engineering concept is about creating incredibly easy ransomware ads that are a bit difficult to spot among the hundreds of ads people see every day. Cyber-criminals use this type of social engineering by literally deploying ad campaigns that display a product or a service. When you click on the ad, it downloads malware or ransomware onto your computer. Most of the time these ads are for anti-virus software. Sometimes, a pop-up will come up on your computer saying your computer is infected and instructing you to click the link to clean the virus.

The key to spotting these three general social engineering styles is to be vigilant. If something seems strange or wrong, avoid it until you are certain it is safe. Try not to click on any links inside emails unless you confirm and absolutely trust the sender. If you’re asked to click a link and update account info, type in the web address of the real site rather than clicking the link. If you get a friend request from someone, look over their profile and ensure it’s real. Check out their friends, photos, and posts to ensure they aren’t fake. Check to see if you already have that friend on your list. Finally, don’t trust any anti-virus pop-ups or ads. Stay safe out there!
