- Knowledge is power because social engineering preys on the instinct to trust and human error.
- Legitimate businesses will never ask for money or sensitive information out of the blue.
- Scams can impact more than your money — they can also compromise your sensitive information and both your individual and business reputation.
Whether or not you’re familiar with the term “social engineering,” you’re likely familiar with its underlying concepts.
Social engineering refers to the act of manipulating someone (often via digital communication) into providing sensitive information that could be used to commit fraud. Social engineering may target an individual,or it may target an entire business. And while it may sound simple to see through cons like these, the grim reality is that increased technology use allows scammers to appear remarkably convincing.
The best counterattack? Education. Here, we’ll explore social engineering (and some of its most common forms, like phishing). The more you know about exactly how these scams take shape, the easier you’ll likely find it to prevent them from happening in the first place.
Social engineering and phishing defined
Social engineering, in the most general sense, is the use of deception or emotional manipulation, usually through digital means, to scam victims out of private information that can then be used for fraudulent purposes. When it comes to the world of business, in particular, it refers to the use of deception to access sensitive data, private facilities, network systems and more by exploiting the trusting nature of employees.
It’s a simple enough definition, but social engineering takes many forms — it may involve a call from a scammer posing as a relative who needs money or an email in which the fraudster poses as a company CEO.
One of the most well-known forms of social engineering is phishing, which involves sending deceptive emails. The term “phishing” has also spawned similar names for deceptive phone calls (vishing) and text message scams (smishing).
Common examples of social engineering
Understanding the many ways in which social engineering can manifest is crucial if you’re intent on safeguarding your information and assets from scammers. Common examples worth noting include:
Just keep in mind that the above list covers only a few entries on the ever-expanding list of scam tactics that modern fraudsters rely on. With that said, we’ll dig a bit deeper into the first two of these common tactics below — tech support scams and caller ID spoofing (number spoofing) — to give you an idea of what to look for and make you a more alert consumer.
Tech support scams
Tech support scams are a type of social engineering attack that’s grown increasingly common. True to their name, these scams feature scammers who pose as tech support specialists via phone calls, pop-up messages or emails to trick victims into granting access to their computer or certain online accounts.
The one-time passcode (OTP) scam is a prime example. It involves a fraudulent tech support specialist asking you to provide a one-time passcode in order to fix an issue with a service you use. Then, once you provide the OTP, the scammer gains access to your account and any sensitive information (or features, such as the ability to send money) associated with that account.
Caller ID spoofing
Caller ID spoofing is a scam that’s grown wildly popular since the rise of the smartphone. Spoofing occurs when the scammer manipulates the call recipient’s caller ID to show a number other than the one they’re actually using. Sometimes it’s just any old decoy number to ensure the fraudster’s anonymity. Other times, however, the scammer will choose a local number or copy the number of a reputable business or agency to create a more believable scam.
Why is social engineering dangerous?
The danger behind most forms of social engineering is fairly straightforward: Falling victim to scams places your financial well-being and personal information at serious risk. Successful scams often result in a direct and impactful loss of money and sensitive information, and can adversely impact your life in several other ways, like by damaging your credit.
Scams can deal serious reputational damage, too — especially to businesses who fall victim. Fraudsters who opt for social engineering tactics depend on human error and trust to succeed, and this can tank consumer and client trust.
How to protect your information
As technology evolves, scammers are growing ever more creative unwitting victims. The bright side? There are a number of best practices you can follow to help keep your money, sensitive information and reputation safe from harm.
- Never provide payment details or other sensitive information over the phone unless you initiated the contact with a reputable party. Legitimate businesses and government agencies will almost never request direct payment or sensitive details over the phone, if ever. They’ll never request unusual forms of payment, like cryptocurrency or gift cards, either.
- Never hand over passwords or OTPs. It’s especially important to avoid sharing OTPs you didn’t request yourself, as unsolicited OTPs are often a sign that there’s a scammer at work.
- Don’t grant someone access to control of your computer if you didn’t connect with them yourself. If you receive an unexpected request for control of your computer in the name of “tech support,” it’s probably a scam.
- If you’re concerned your payment information has been acquired, consider freezing debit and credit cards, or requesting new ones altogether. This should help cut scammers off from your money.
- Consider freezing your credit if you’re not planning to apply for loans or credit cards in the near future. This prevents lenders from accessing your credit reports, which, in turn, prevents them from issuing credit in your name. It’s a particularly smart move if you think your Social Security number has been compromised.
- Report the scam to the appropriate authorities. You can report suspicious activity or general fraud to the Federal Trade Commission. If you think your identity has been stolen, however — as is often the goal with social engineering — file an identity theft report, too.
