What Is Social Engineering?
Social engineering is a way of running scams that tricks victims into passing on personal information by taking advantage of natural tendencies and emotional reactions. It’s different from more traditional, technology-based scams, like breaking into a computer network or accessing personal information on the internet. It relies on the victim’s inclination to want to help or solve a problem.
There are six types of social engineering scams:
1. Baiting.
You find a USB stick that reads “Confidential.” It’s very intriguing and you’re curious — you want to find out what’s on this USB stick. You plug it into your computer. The USB stick installs malware onto your computer, which then sends your personal information, such as credit card numbers, usernames, and passwords, to the fraudster. This scam relies on your natural curiosity to bait you into plugging in the device, which lets the fraudster steal your personal information.
2. Phishing.
Phishing has been around for a while because it continues to be a successful scam. A fraudster will send emails or texts that look like they come from a company you trust, like your financial institution. This email will indicate that there’s a problem with your account and you need to log in immediately by clicking a link. The link takes you to a website that looks legitimate and you log in. When you do that, you’re giving the fraudster your personal information. This scam uses your fear of being compromised to lure you into clicking on a link.
Spear phishing is even more treacherous. This is when a criminal targets a specific individual or individuals to access specific records. This typically happens at larger companies: you receive an email that appears to come from your CEO, asking you to perform a task like purchasing gift cards and giving them the codes. It’s an odd request, but it looks like it’s coming from your CEO, so you do it. This scam depends on your desire to be a good employee and respond quickly to requests from your boss.
3. Email hacking and contact spamming.
You get an email from a friend that reads “You have to check out this cool site I found!” with a link. It’s from your friend, so you go ahead and click the link. It sends you to a website that might install malware or collect your personal information. This scam is based on your natural inclination to trust people you know.
4. Pretexting.
We’ve all seen or heard about the email that purports to be from a representative of some long-lost relative in a foreign country who has left you a significant inheritance. All you have to do is provide some personal financial information to prove who you are, and they’ll transfer the money directly into your bank account. However, there is no inheritance; they’ve just stolen information that will allow them to access and withdraw your funds. This scam relies on an interesting ploy to capture your attention and on your natural inclination to want to believe the story is true.
5. Quid pro quo.
A fraudster calls you, pretending to be an IT support technician. You give them your login and password to access your computer, thinking you’ll receive technical support in return. Instead, the scammer will use this information to install malware or steal your personal information. This scam involves our sense of fair play — I give you this, you give me that.
6. Vishing.
You get a call from someone who is pretending to be one of your relatives who is traveling, has been arrested, and needs bail money. Of course, you want to help, so you send money right away. Later, you talk to this relative and ask about it. This is when you learn it wasn’t them and you’ve been scammed. This scam relies on your natural instinct to help a family member.
Fraudsters are becoming more and more sophisticated. Cyber criminals can use these tactics to perpetrate a one-time crime, which is called hunting, or a long-term attack, a method known as farming. Hunters like to get as much information as possible in the shortest amount of time. Farmers establish a relationship with their victims, stringing them along in order to capture a lot more personal data.