Social Engineering: What The Scammers Are Using To Trick You

Social Engineering is what the bad guys are using to get you to click on a link or give them your credit card details. They are using pure and simple psychology on you, using your natural instincts against you. It is a very sneaky tactic, but it works and it works really, really well.

What is Social Engineering

“social engineering is the use of psychological influence of people into performing actions or divulging confidential information”

Social engineering uses our natural responses against us. Scammers manipulate our instinctive responses to situations and turn them around to get us to divulge information.

Types of Social Engineering

  • Reciprocity
  • Commitment and Consistency
  • Social Proof
  • Authority
  • Liking
  • Scarcity

Emotional Triggers

  • Fear and Urgency – We are scared into acting without thinking or rationalizing the dangers.
  • Trust – We put our trust in the person and believe that what we are being told is truthful.
  • Curiosity – We are curious enough to find out if it is real that we don’t think it through first.
  • Sympathy – Our heartstrings are pulled, so we act irrationally and without thought.

How they Work, with examples

Reciprocity – This one works as a ‘help us help you’ situation. It is very common in Tech Support scams and Lottery Scams. They offer to help you ‘clean’ your computer or claim your lottery prize, and in return you help them by paying a fee for the ‘cleaning’ or a processing fee for the lottery winnings. (Uses the Trust and Sympathy Emotional Responses)

Commitment and Consistency – This is very common in finance scams. They say that you lost money in the last round, but that making another, larger investment can double your earnings. (Uses the Trust Emotional Response)

Social Proof – This can be seen in marketing a lot, where people see multiple good reviews for a product even though it is a scam. Everybody else likes it, so it can’t be bad. (Uses the Trust and Curiosity Emotional Responses)

Authority – This one is a tough one to beat. This is where somebody in authority, or pretending to be, uses their power over you to get you to do something. It is most commonly used in a work environment: the employee receives an email from the CEO saying that they have a special mission for them, asking them to go and buy a bunch of gift cards and call them back. (This works, a lot!) Any figure of authority will work. It could be somebody pretending to be a member of the RCMP or Canada Revenue Services, or even somebody claiming to be from Microsoft or Apple. (Uses the Fear and Urgency and Trust Emotional Responses)

Liking – This is where the snake oil salesman comes in. They are charming, know all the right things to say and sweep you off your feet with their charm. Very common in romance scams. (Uses the Trust and Curiosity Emotional Responses)

Scarcity – This can be used from a few different angles: ‘Hurry, they are almost gone’, ‘Hurry before you are locked out of your account’, or ‘Act now or we put the questionable charges through on your account’. (Uses the Fear and Urgency and Curiosity Emotional Responses)

How To Combat Social Engineering

Use a multi-layered approach to combat social engineering so that you do not end up being another statistic or a payday for the scammers.

  1. Know the scams that are out there and how they work
  2. Ensure that you are using layered security – Multi-factor authentication, strong unique passwords for each account
  3. Never give out personal information to anybody (no matter how intimidating or convincing they are)
  4. Pause and Think. They will tell you there is no time and you have to do this now. If you say you want to discuss it with your family, they will say you can’t because there is no time, or that you need to keep this a secret (used in financial scams all the time: ‘this is a one-time tip, just for you’).
  5. Remember the 4 P’s of a Fraud:
       • Pretend
       • Problem
       • Pressure
       • Pay