Human emotion can be a big part of the strategies fraudsters use when trying to get what they want. It’s easy to think that online scams are simply the result of weak passwords or fragile security software, but that’s not always the case.

So, what is social engineering?

Social engineering is a technique that targets the emotions and feelings people have to get them to behave in a certain way.

For example, many scammers tried to take advantage of the COVID-19 pandemic, as more people worked from home or were in need of financial or other help. Some scams included fraudsters contacting people and offering COVID-19 testing to try to steal personal information. In this case, scammers tried to use the fear and uncertainty of the global health crisis as an opportunity to steal identities.

More than just fear tactics

Many human emotions can be used against intended victims. Scammers use empathy, fear, curiosity, enthusiasm, greed, urgency and many other emotions to get people to fall into a trap.

Social engineering can take place using social media, telephone, text, email, and even in person. Fraudsters may target random people, but frequently conduct extensive research on individuals or corporations to tailor their approach to match the target. There are multiple forms of social engineering that target consumers and businesses alike.

Five common types of social engineering

  1. Account takeover: This is where a fraudster will hijack a legitimate company email account and use that platform to target an employee or a customer. They make a request, such as a money transfer or a customer’s personal information, leaving the company or customer vulnerable.
  2. Phishing, smishing, or vishing: Whether via a forged email (phishing), text (smishing), or phone call (vishing), a fraudster will attempt to collect log-in or other personal information, often impersonating a company. There’s also spear phishing, where a fraudster will pick a target and research them at length. That research lets them customize their approach and makes the correspondence look even more believable.
  3. Fake viruses: No one wants their devices to get infected with a virus or other destructive software. Fraudsters can use that fear against individuals by showing them a pop-up indicating that their computer is infected. The goal is to get the user to click on the pop-up, which will then take them to websites that will truly infect their device with a virus or other malware.
  4. Baiting: If you come across an offer that seems too good to be true, it probably is. This technique offers the chance for an exotic vacation or a slick-looking car. Whatever prize or reward the fraudster is offering, the goal is to obtain information like your email. Or the offer could ask that you click on a link to claim it, which would then take you to a website that might ask you for a bank password or social security number.
  5. Quid pro quo: This type of hacking attempt often happens to company employees. For example, a scammer could pose as an IT colleague who is looking to update software on your computer. In these scenarios, they’ll ask for log-in credentials in order to do so. The scammer would then have access to sensitive information such as customers’ personal information.

What can you do to protect yourself?

For specific tips from PNC employees on how you can safeguard yourself from social engineering attempts, click here.