Social engineering is when a criminal creates convincing fake profiles to connect and interact with a target or group of targets. Criminals create profiles, then build up a network of connections to make those profiles appear trustworthy, and eventually connect with their actual target. Once the request is accepted, a criminal can steal information or launch a cyber-attack. Here are a few examples:
- A criminal might call you saying your credit card has been flagged for unusual activity and the bank needs to verify your information (credit card number, mother’s maiden name, etc.) before issuing a replacement. He or she will offer up the last four digits of your card and perhaps the date and amount of a recent transaction to gain your confidence and sound legitimate.
- Another classic con is when an attacker poses as someone in your company or a consultant or another trusted outside authority such as an auditor. With a little confidence, anyone could just tailgate their way into any building and gain access to information.
- Criminals might pose as your Facebook friends or other social media connections and then learn information from your profile or your posts.
- Phishing attacks and rogue websites that pretend to be trusted companies also fall into this category of cons.
- Criminals can get into accounts through relaxed company procedures which require only minimal bits of information to identify users.
Always check the identity of telephone callers and email senders, especially those requesting personal information.
The most important thing you can do to prevent being socially engineered yourself is to embrace skepticism and always be as vigilant as you can. Just being aware of common tricks puts you one step ahead of the game. Be aware of the information you release both in verbal communication and on social media like Facebook or Twitter. When asked for information, consider whether the person you’re talking to really needs the information they’re asking for.