IT Service and Cybersecurity Experts – Leverage IT Group, LLC.

How Cyberthieves Use Social Engineering to Exploit Your Weaknesses

Social engineering is at the heart of most cyberattacks. It’s used in email, text messages, phone calls, social media direct messages, and online forums. 

This tactic is one of the most used because it can often get a hacker past mechanical defenses. You can’t flatter or threaten an antivirus program into allowing your malware into a system. But you can trick a human being into clicking a link that takes them to a site that injects malware automatically.

Firewalls and other network security systems are automated and run on code, so they can't be talked into anything. The need to get past them is why phishing that uses social engineering is so prevalent.

Social engineering is about using a variety of psychological tactics to get a person to do what you want them to do. It’s the foundation of phishing and is responsible for over 80% of all reported cyber incidents. 

To combat the use of social engineering and the resulting breaches that can occur when it’s done successfully, you need to understand it.

We’ll start with some of the common tactics used to prey upon your weaknesses and emotions and get you to take a certain action.

Emotional Tactics Used by Social Engineering Attacks

Fear

Fear can often cause people to act impulsively without thinking something through. For example, an employee may click a link that says, “Your email has been compromised, click here to fix the issue immediately!” for fear they could get blamed if something bad happens.

Another common scam that uses fear to manipulate people is a call from someone pretending to be with the IRS threatening arrest or garnished wages if a “past bill” isn’t settled right away with a credit card.

If someone is urging you to take action right away before something bad happens, that’s a telltale sign of social engineering.

Reward/Excitement

Many an excited business owner has been fooled by the promise of a large purchase order, only to find out later it was a scam and they’re out of money, and maybe product too.

Often, the promise of something like a free offer or large PO can cause someone to throw caution to the wind and be taken in by a clever ploy. They may even think, “Why would a scammer want to give me money anyhow?”

But a common social engineering ploy that uses the promise of a big reward goes like this:

  1. The scammer sends a “PO” in a sizable amount.
  2. They indicate that they want to use their own shipping company.
  3. They send what appears to be a payment for the order and the shipping, and it’s “pending” in the victim’s bank account.
  4. The victim pays the shipping company (which is just the scammer, not a real shipping company).
  5. A day or two later that “pending” deposit from the scammer is deducted when the bank finds out the funds were not real. (Yes, this happens. Sometimes it takes the bank a few days to identify a fake wire or check deposit.)
  6. The victim is out the money they paid the fake shipping company, and any product they might have gone ahead and shipped out.

Curiosity

A common social engineering ploy is to spoof a company’s internal email domain so a phishing email appears to be from inside the company. It says something nondescript, such as “Hey, I thought you’d love to see this!” and has a link.

The recipient thinks that it must be legit since it appears to be from a colleague. Even though it might seem a little strange, their curiosity gets the better of them and they have to see what the person sent.
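A defensive check for the spoofed internal sender described above, added here as an example and not part of the original article: it flags mail whose From address uses the company domain but lacks a DMARC pass recorded by the company's own mail gateway. The domain example.com, the gateway name mx.example.com and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

INTERNAL_DOMAIN = "example.com"      # assumption: your organisation's mail domain
TRUSTED_AUTHSERV = "mx.example.com"  # assumption: authserv-id stamped by your own mail gateway

def trusted_auth_results(msg):
    """Collect spf/dkim/dmarc verdicts, but only from headers our own gateway added.
    A sender can insert any Authentication-Results header they like, so others are ignored."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, rest = header.lower().partition(";")
        if authserv.strip() != TRUSTED_AUTHSERV:
            continue
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest):
            verdicts.setdefault(method, result)
    return verdicts

def classify(raw_message):
    """Return 'external', 'internal-authenticated' or 'suspect-spoof'."""
    msg = message_from_string(raw_message)
    _, address = parseaddr(msg.get("From", ""))
    if address.rpartition("@")[2].lower() != INTERNAL_DOMAIN:
        return "external"
    if trusted_auth_results(msg).get("dmarc") == "pass":
        return "internal-authenticated"
    return "suspect-spoof"

# Constructed sample messages (not real mail).
BODY = "Subject: Hey, I thought you'd love to see this!\n\nhttps://link.invalid/\n"
SPOOFED = ("Authentication-Results: mx.example.com; spf=fail; dkim=none; dmarc=fail\n"
           "From: Alice <alice@example.com>\n" + BODY)
FORGED_HEADER = ("Authentication-Results: mx.sender.invalid; dmarc=pass\n"
                 "From: Alice <alice@example.com>\n" + BODY)
GENUINE = ("Authentication-Results: mx.example.com; spf=pass; dkim=pass; dmarc=pass\n"
           "From: Alice <alice@example.com>\n" + BODY)

if __name__ == "__main__":
    for name, raw in [("spoofed", SPOOFED), ("forged header", FORGED_HEADER), ("genuine", GENUINE)]:
        print(f"{name}: {classify(raw)}")
```

Apply a check like this only to inbound mail at the gateway, since internal mail that never crosses it will not carry the gateway's header.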

Another curiosity ploy that also involves some anger thrown in is the fake Amazon invoice. This is popular to send around the holidays when online shopping is at its annual high.

The victim receives a copy of what appears to be a receipt from Amazon for something they didn’t buy, so they click the link to find out what’s going on and may even be upset thinking they’ve been charged by mistake.

How to Avoid Falling Victim to Social Engineering

Knowledge of the types of scams you can run into is an important tool in the defense against social engineering. It’s also important to deploy a safety net of IT solutions that can help prevent a devastating breach after one wrong click on a social media link.

  • Know Where Social Engineering Can Happen: It can happen via email, phone, text message, social media, direct message, and even in rare cases, in person.
  • Educate Yourself & Others: Cybersecurity awareness training is vital to keeping abreast of the newest scams and how to spot them.
  • Deploy IT Protections: Use best practices for IT security, including antivirus, strong passwords, multi-factor authentication, firewall, etc.
  • Be Suspicious of Emotional Tactics: Always be suspicious of messages from unknown senders, especially if they use emotional tactics. 

Improve Your Protections Against Phishing & Social Engineering

Leverage IT Group can help your DFW area business ensure you have the protections in place that will fortify your IT network against social engineering. 

Contact us today to schedule a free consultation. Call (469) 458-0559 or reach us online.

 
