Social engineering cybercriminals use life-like scenarios to prey on every day humans. They want to get people to willingly give out personal information. In general, there are three major ways that cybercriminals use social engineering to steal your info.
This is one of the most prominent ways that information is stolen. This side of social engineering has been around nearly as long as emails have, and it’s guaranteed that anyone with an email account has seen at least one of the many phishing scams that come from cybercriminals. Perhaps you won a lump sum of money or a distant relative whom you’ve never met wants to wire you money. All you need to do is pay a few fees to receive the money and you get to keep a portion of his millions. Totally legitimate, right? Or maybe the bank needs you to confirm your account number and social security number because of an “account breach”. Why not, right? It’s not shocking that people are falling for these scams daily. The bank is a legitimate business, it must be real, even the email looks real. These are just some of the ways social engineers prey on unsuspecting and trusting people. If sending money or willingly giving up information isn’t involved, then there is usually malware hidden within the email. The links in the email will deploy malware to infect your computer files and obtain information about you. It’s amazing how prevalent these scams are, and how some people are unknowingly passing out personal information.
Posing as Someone You Know
Another email scam involves cybercriminals posing as someone in your company, usually the CEO or someone high up in the company. They send an email that looks like it’s from your boss asking you do something really quick or process a PO immediately. If you pay attention, usually something about the email address will be a bit off. As soon as you open it or click on a link, malware infects your computer. This scam is usually highly effective because it gets sent to everyone in the company, which increases the odds of someone falling for it, and people often take it as important because it came from the “boss”.
The most obvious way to pose as someone you know is through copycat Facebook profiles and social engineering via social media. Cybercriminals use this prominent scam to trick people into thinking they are receiving a friend request from someone they know. The profile will often contain a few photos from the original person’s profile, so it looks pretty real. This profile can ask for money or send links containing malware to infect your computer, or even corrupt your Facebook profile by gaining access to personal information.
Finally, a newer way for cybercriminals to target people is through advertisements, also known as malvertising. Considering ads are pretty much everywhere online now, creating ransomware ads is incredibly easy and a bit difficult to spot among the hundreds of ads people see every day. For this type of social engineering, cybercriminals literally deploy ad campaigns showcasing a product or a service. When you click on the ad, it downloads malware or ransomware onto your computer. Most of the time these ads are for anti-virus software, or a pop-up will come on your computer saying your computer has been infected and instruct you to click the link to clean the virus.
The key to spotting these three general social engineering styles is to become educated on them and keep an eye out for anything that seems off. If something seems strange or wrong, avoid it until you are certain it is safe. Try not to click on any links inside of emails unless you confirm and absolutely trust the sender. If you’re asked to click a link and update account info, type in the web address to the real site rather than click the link. If you get a friend request from someone, look over their profile and ensure its real. Check out their friends, photos, and posts to ensure they aren’t fake. Check to see if you already have that friend on your list. Finally, don’t trust any anti-virus pop-ups or ads.