While some of these attempts seem so easy to spot for many of us, there are so many that take the bait. To improve their efforts of success, scammers (or at least the good ones) rely on social engineering techniques.
Social engineering is the art of manipulating someone into divulging sensitive information or making critical security mistakes. By incorporating certain words or phrases into their text, email, phone call, or even an in-person conversation, the scammer can greatly increase their chances for a successful attack.
Here are some examples of the common persuasion tactics used by scammers.
Pretexting is focused on crafting a compelling story in hopes that their victim will take the bait. The options are endless but generally the scammer is playing the role of someone needing sensitive information to perform a task. To get the desired information, they ask as series of questions to slowly collect your data. Pretexting can be difficult to spot but before you begin divulging sensitive information verify with the individual who they are and why they need this data.
It is commonly known that people respond to authority. Scammers use this to enhance the role they are playing by claiming to be a credible expert, law enforcement agent or government official. Other times, they may pretend to be your supervisor or another top-level executive. By touting their superiority, the scammers generally draw in more victims who only want to comply. Watch for threatening language such as threats to terminate your employment, account suspension or imprisonment for failure to act on their request.
Reciprocity refers to the social engineering tactic of offering a gift or information. Just like putting bait on a hook, accessing this free “gift” will only lead to despair. Knowing the enticing nature of gifts and free offers, scammers craft their campaign around it. With common lines like, “you’ve been specially selected!” or “you’ve won the grand prize!” the message grabs our attention then shuttles the victim into what they need to do to claim their prize. Remember, if it seems too good to be true, it probably is.
Social engineering tactics have been used for years and will continue, so we must build up our defences. Whenever in doubt, pause and think twice before acting on something or providing information. Hover over any links before clicking and beware of any requests to download a document.