Did you know the human brain is easier to hack than a computer?
Let that sink in. 🤯
Of course, we aren’t suggesting you can physically hack a brain (yet). We’re talking about social engineering! Social engineering is essentially manipulating someone in order to have them provide confidential information. In the world of technology, cyber criminals use social engineering to attempt to hack into a company or an individual’s systems either to gain access to sensitive information for ransom or to gain access to bank information among other motives.
This is easier than using hacking skills to break into a system directly because cyber criminals prey on human nature to get the information they want.
Common Social Engineering Tactics and Scams
Don’t fall for the bait!
Cyber criminals usually prey on your goodwill or lack of malice, or flat out fool you into giving them sensitive information.
Some common (hypothetical) scenarios to watch out for:
Phony Phone Calls
Nick receives a call from someone saying they’re a new employee who’s starting on Monday and needs to get logged into his company’s system. They explain that Nick’s boss is out of town and left word with his assistant to contact Nick for the information. Nick trusts this narrative and does not question it or verify that it’s true because “they sound friendly.”
Rory receives a call from someone saying they’re an IT person who was hired by his supervisor. They explain that his supervisor told them to ask Rory for the password/access to the business's systems. Rory doesn’t have time to verify that this information is true, so he just gives them the information. Cyber security tip: An IT professional will NEVER ask for passwords to any of your accounts or systems.
Briana receives a call from a “medical professional” stating that a family member gave them her phone number. They explain that her family member has had an accident and needs access to her bank accounts in order to pay for their life-saving procedure which they can’t afford. Of course, like most people, Briana would do anything for her family and gives up the information without question. Not to mention, she is panicking for her injured family member and her judgement is impaired.
Daniel receives an email from “his boss” saying they need him to help them complete a “confidential task” and require sensitive information. Daniel surrenders the information since it appears the email is coming from his boss. The hacker was able to gather information on who Daniel’s boss is through his LinkedIn information. Cyber security tip: Whenever you receive these types of emails, verify that the sender's email address exactly matches the address of the person the sender is posing as. Usually it will not be the same.
Nikko receives an email from “his coworker” saying they need to make an important purchase for his client and need the company’s bank information. He surrenders the information because it appears to come from his trusted coworker. The hacker was able to gather information on who his coworkers are through his company’s Team section on their website.
Shannon receives an email from a friend saying they need her to help them buy gift cards for their common friend’s birthday present and that they’ll pay her back as soon as she sends them "a photo of the back of the gift cards." Shannon does this without question because she trusts her friend. The hacker was able to gather information on who Shannon’s friends are through her social media profiles.
PJ receives a direct message (DM) on Instagram from a reputable brand stating that they love his content, want to collaborate with him, and wish to compensate him. This is very exciting for PJ and he surrenders his bank information as soon as they ask for it. What PJ didn’t realize was that the page wasn’t the official brand’s profile, and they were scammers posing as the company. Cyber security tip: Always verify that the account that's messaging you is legitimate, whether through verification (a blue checkmark next to their profile), follower/following count (a spam account will have low numbers), or asking to speak to someone over the phone about the collaboration (try suggesting a video call).
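The tip in Daniel's scenario (check that the sender's address exactly matches the person they claim to be) can also be checked automatically. The Python below is an added example, not part of the original article: the directory, names, and addresses are constructed, and the lookalike-domain check goes one step beyond the tip.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr

# Constructed directory: display name -> the one address that person really uses.
DIRECTORY = {
    "dana reyes": "dana.reyes@example.com",
    "sam ortiz": "sam.ortiz@example.com",
}

def _norm(name):
    """Lowercase and collapse whitespace so 'Dana  Reyes' equals 'dana reyes'."""
    return " ".join(name.lower().split())

def check_sender(from_header, directory=DIRECTORY, threshold=0.8):
    """Classify a From header against the directory of known senders."""
    name, addr = parseaddr(from_header)
    addr = addr.lower()
    known = directory.get(_norm(name))
    if known is not None:
        # Display name belongs to a known person: the address must match exactly.
        return "match" if addr == known else "impersonation"
    domain = addr.rpartition("@")[2]
    trusted = {a.rpartition("@")[2] for a in directory.values()}
    if domain in trusted:
        return "unlisted"  # right domain, but nobody we have on file
    # Unknown name: still flag domains that are nearly a trusted domain.
    for t in trusted:
        if SequenceMatcher(None, domain, t).ratio() >= threshold:
            return "lookalike-domain"
    return "external"

# Constructed sample headers covering each verdict.
SAMPLES = [
    '"Dana Reyes" <dana.reyes@example.com>',
    '"Dana Reyes" <dana.reyes@examp1e.com>',
    'Dana Reyes <dana.reyes.office@mailbox.test>',
    '"IT Helpdesk" <helpdesk@exarnple.com>',
    '"Newsletter" <news@shop.test>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{check_sender(header):17} {header}")
```

An "impersonation" or "lookalike-domain" verdict is a reason to verify the request through a separate channel, such as a phone number you already have on file, before acting on it.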
The Gist of It
You or your company can have as much security software and automations set in place as possible. However, at the end of the day, your security is only as strong as your employees'. It’s always a good idea to educate yourself and your workforce about social engineering attacks and how to detect and avoid them. They are way more common than we think, and anyone can become the next victim.