Scamming is one of the oldest tricks in the book. Who hasn’t heard reports of some elderly person being defrauded of considerable sums of money by some fraudster who called them up and told them some crazy story?! In many cases, scammers are even highly successful with the “grandchild trick” and similar ones.
However, this industry also relies on the possibilities that digitization opens up. It’s a space where the term social engineering has become established, where people are emotionally manipulated to induce certain behaviors.
Read on to learn all about social engineering, what tricks scammers use, and the significance of human vulnerability in this context.
What is social engineering?
Social engineering actually means “social manipulation”. Social engineering is ultimately a generic term for a variety of different methods used by cybercriminals to harm unsuspecting victims.
They may try to trick us into revealing personal or company information, opening links to infected websites, or allowing malware to be installed on our computer without our knowledge. These hackers manipulate their victims by bypassing security procedures to gain access to computers and/or personal information.
The origin of social engineering
The term social engineering originates from social science. It dates back to the late 19th century, when it referred to the efforts of actors such as the media, governments, or private groups to manipulate people. Today, however, the term is closely associated with cybersecurity.
Human vulnerability: The psychology behind social engineering
You’ve already guessed that people are a particularly lucrative “gateway” because they repeatedly fall into cybercriminals’ many traps, albeit unintentionally. And the tactics used are highly creative when it comes to tricking us.
Above all, scammers — also known as social engineers — exploit characteristics that determine our social coexistence: Helpfulness, trust, and loyalty towards colleagues and the employer, for example. Employees often have to deal with deception, which is why regular security training is mandatory in many companies.
But cybercriminals also like to exploit our fear of authority and respect towards public authorities, which are things that can also affect us in our personal lives.
That’s why you should take every step to protect your personal devices from manipulation attempts — with sophisticated security software being an essential ingredient. Avira Internet Security helps you protect your PC from a range of threats like phishing attacks, ransomware, Trojans, and viruses.
The tricks of the social engineering scammers
The methods and approaches employed by social engineering scammers are many and varied — and there’s no such thing as a single scam. That’s why it’s all the more important to know the most common social engineering tricks and the communication channels. That’s because we behave far too carelessly far too often:
- You’ve received an email requesting you to change your password or PIN.
- You’ve been made a really lucrative offer via a messaging/chat service, which later turned out to be fake.
- You confirm contact requests from strangers via social media platforms like Facebook, Instagram, or TikTok, giving these complete strangers the chance right away to collect personal information.
In the following, we present some of the tricks used by social engineering scammers that you’ve probably heard of — or have been affected by yourself.
Widespread social engineering method: Phishing attacks
Phishing attempts involve the mass sending of bogus emails which cybercriminals use to obtain protected, sensitive information such as PINs, login credentials, or bank details.
Banks, for instance, regularly warn us about phishing attacks. These include frighteningly genuine-looking messages asking you to change your password, which take you straight to a fake website if you click the link in the message. If you were to enter new login details there, the scammer would immediately have unrestricted access to your account.
In the case of another variant called spear phishing, attacks are targeted specifically at selected persons (groups) with which the scammers want to achieve a higher hit rate.
Non-technical social engineering tricks: Shoulder surfing and dumpster diving
A major problem is the exploitation of users’ carelessness in public spaces. Because many people do not shield their laptop screens from prying eyes with a privacy film, those sitting nearby can gather valuable information simply by looking over their shoulder in a shoulder surfing attack.
Another non-technical method is dumpster diving, which also helps cybercriminals prepare their social engineering attacks. Dumpster diving refers to stealing sensitive documents from trash cans. Even documents shredded into strips can be recovered and used if the right amount of criminal effort is put into it.
Widespread social engineering trick: Contact spamming
With this trick, hackers send spam messages to all their victims’ contacts. The emails appear genuine to the recipients — and rarely end up in spam folders because the sender seems trustworthy. Such an email from a “friend” usually contains a link that is shortened so that you can’t see the actual content until you click it. However, if you do click it, an exact copy of the spam message is sent to all your contacts to continue the spam chain. Additionally, there is a great risk that you will download spyware or other malicious software via the link.
Quid pro quo as a social engineering attack
Quid pro quo, or favor for a favor, is a kind of social engineering attack where cybercriminals want to do you a favor. They like to pose as an IT support engineer and ask for your login details so they can perform a supposedly important security check.
How can you protect yourself from social engineering?
Although there is no such thing as complete protection, there are some steps you can take to protect yourself from social engineering. IT security experts advise never to email sensitive information such as account numbers or other login information. Furthermore, it’s a good idea to take a look at the details of the email addresses that insurance companies, banks, or others send you. If you see a rather cryptic address, you can almost be certain that it’s a fraudulent message.
Top tip: Protect your laptops, smartphones, and tablets with free Avira Antivirus to strengthen your protection from social engineering scammers’ common tricks.
In addition, a browser extension is a great tool to increase your protection from social engineering attacks. If you use the free Avira Browser Safety add-on, you can better protect yourself from phishing and other harmful websites as well as third-party tracking and browser hijacking.