Most recent

What is Social Engineering and who is vulnerable?

By Tom Skeen

More and more people each day are becoming victims to social engineering schemes and crimes. Simply put, social engineering is manipulating someone via telephone, online or in person or some other method in an effort to gain access to information that one under normal circumstances would not provide.

Those engaged in social engineering tactics are trying to obtain your confidential information ranging from the basic contact information (address, phone #, email address) to your bank and credit card information. They are trying to acquire this information so that fraudulent activity can be performed. The scheme is usually a numbers game meaning the more people the criminal contacts the higher probability of someone giving out information and often times they have some very basic information about the target

The schemes can be very technical and elaborate to quite simple. Recently a colleague of mine described an attempt by someone to gain his information. He received a call from an international phone number and the person claimed to be with a very large international retailer that has a pharmacy. The caller informed him that his prescription was due for refill but his credit card information was no longer valid. Fact - credit cards expire, most people as they age have routine medication that they take and larger international retailers cross-lines with many people. Fortunately this person did not provide any information, but how many people would if they already had a relationship with this retailer & pharmacy?

Another example of a social engineering scheme is when someone is sent a random email that has a link embedded that might seem to be valuable or the perception that by accessing the link they will go to a trusted known business partner. The information is gained by someone accessing the link from their computer and then malware is installed which provides access to information stored on the computer or provides real-time information when the user accesses a website (logons/passwords).

Everyone is vulnerable and part of the problem is that some people are easily manipulated because they are not informed and there are a large number of varying schemes that criminals use. The best way to defend against this type of activity is to always initiate the call and communications to business partners via known published contact methods. NEVER give anyone personal information whether over the phone, email or in person unless they are verified and trusted and do not click on random links within email communications.

People aren’t always whom they appear to be and things aren’t always what they seem to be. Have you been a victim of a social engineering scheme?

All posts