November 13, 2022

Social Engineering

Financial records, trade secrets, and customer data are examples of information that could be extremely valuable. People who have access to this information are attractive targets for scammers and other types of attackers. These scammers know that simply asking for information could be the easiest way to get it. The techniques that attackers use to trick someone into giving them access to sensitive information or valuable assets are called social engineering. Scammers also gather information to use in future attacks, including things like personal data or insider information. They might narrow down their targets by asking any employee questions about specific roles and duties within the organization. They also collect publicly accessible information on social media. Even small pieces of information can help scammers blend into the organization or plan future attacks.

Why does social engineering work?

People often tend to trust others. They want to be helpful and polite. Scammers can also exploit a person’s fear. Fear of missing a timely opportunity or not acting on an urgent request can be a powerful motivator. Scammers watch the organizations and individuals they are targeting. They attempt to appear familiar, so people think that they belong. To do so, they get to know common routines, expectations, and cultural norms. Then they can mimic and exploit these routine behaviors.

How do social engineers carry out their attacks?

They use a variety of means.

  • Through technology: any technology you use to communicate can become a tool for a scammer. Fraudulent emails and text messages can entice, trick, or scare a person into clicking malicious links or sharing confidential information. Social networks provide personal details about people that scammers can use. Phone calls provide direct access for scammers to ask for confidential information.
  • Human interaction: scammers may visit their target locations, often using a false identity. They might pretend to be a vendor, a contractor, a post office worker, or even an employee. A scammer might show up with a box of treats or use humor to build trust.
  • Passive tactics: scammers can learn a lot just by looking at the dumpsters behind your workplace or home. They look for information like invoices, telephone directories, confidential documents, or printed emails. Scammers also look for discarded computers or mobile devices and try to retrieve sensitive information from them. Scammers can use another technique called shoulder surfing to steal credentials. Using a camera, software, or their own eyes, the scammer watches a user log in to a system to learn their credentials.