Social Engineering Tactics Used by Scammers

Have you ever received an email, text, or call from any source other than the government, asking for information that sounded harmless to you? If you gave any information without understanding what it leads to, you may have been a victim of a fraudulent social engineering exercise.

What is Social Engineering?

From an Information Security perspective, ‘social engineering’ refers to all the attempts to trick people into giving secret or personal information, especially on the internet, and using it for harmful purposes.

One way that scammers and fraudsters know what you could fall for is by building a profile on you. They scour the internet for intimate details of your personal life. This is also a key goal in romance scams where a love interest is wooed to give details of their finances, location, workplace, and even neighbors. 

What looks like a harmless chat to you can be vital information for scammers. So, how does it work? 

Social Engineering Techniques

An attempt to steal your information may begin with an innocent-looking text with a link to an attractive offer. Fake shopping discounts and vouchers are the top bait. Clicking the link takes you to a site specifically set up for phishing, malware, or simply collection of your contact details for spam and marketing lists. 

“So what if I get some spam emails? That’s normal.”, you might think. Here is what happens behind the scenes: 

• Scammers only had your phone number.
• You filled in your email ID and maybe address on the site the link went to. 
• Using your email, the scammer can go to social media sites and search engines to discover your photo, real name, and more.

Do you see what is happening? Bit by bit, the information you give builds up consistently to a full picture. This is why we recommend that you must never share these details online! What began from a random text developed into giving your email and your name which revealed your social media accounts. 

The Problem of Social Media in Social Engineering

Social media accounts are a goldmine of information. Any scammer on Facebook, Instagram, Pinterest, or Twitter can usually see details like: 

• Your real photo and those of family and friends
• Your likes and interests
• Your location and regular hangout spots which you post using the check-in feature on Facebook
• Your job history and academic achievements
• Business pages that you’ve created

If you are interested in topics on investment, you can be a prime target for investment scams or money-flipping scams on Instagram. A good tip is to limit sharing vital information on social media. 

Whereas, if you have liked a lot of shopping pages on Facebook, you are likely to be targeted by ads for fake shopping deals on your timeline. Fake ads are the number one means of scamming shoppers from social media. 

Watch Out for These Techniques

• Vishing - phone calls made by fake tech support or customer care reps who communicate that they wish to help you and can be trusted. 
• Baiting - scammer lures you with the promise of a sweet deal. It’s common in online shopping, online gaming, and paid software downloads. 
• Pretexting - scammers impersonate trusted institutions like local hospitals, charities, and clubs under the pretext of asking you to contribute towards a legitimate cause.

How to Protect Yourself

• Reject all unwarranted requests to give your financial and personal information like bank details and ID. 
• Secure your computer and phone by setting up security apps and features, and always keep them up and running. 
• Be wary of requests to offset your help when it comes from any business or charity you have no relationship with.