Following hard on the heels of yesterday’s blog post about how to protect yourself from social engineering scams, here’s a companion article that looks more directly at examples of the actual fraudulent techniques being used.
We at Broadstone Business Centre have all been exposed to one or more of these scams over time. And we know that, sadly, the lovely tenants renting our office and workshops have been targeted too.
It’s essential to educate yourself and your colleagues, and to be always vigilant.
Here are the 10 most common social engineering techniques used by scammers. It doesn’t matter what fancy names they have. Read them and study them, so that you will more easily recognise them when they are being used on you.
- Phishing: This is a type of scam that uses fake emails, phone calls, or text messages that appear to come from a trustworthy source (e.g. a bank or well-known company) to trick people into revealing sensitive information such as passwords, usernames, or credit card details.
- Pretexting: This technique involves creating a false scenario or situation to convince the victim to reveal sensitive information. For example, a scammer might call and pretend to be from the victim’s bank, saying that there has been suspicious activity on their account and that they need to confirm their account information.
- Baiting: This involves leaving a physical device (e.g. a USB drive) in a public place, and waiting for someone to pick it up and use it, thereby infecting their device with malware.
- Tailgating or Piggybacking: This is when a scammer follows someone into a secure area (such as a building or office) by claiming to be someone else or simply by following closely behind them.
- Quid Pro Quo: This technique involves offering something of value in exchange for sensitive information. For example, a scammer might offer a free trial of a service in exchange for personal information.
- Fear-based tactics: This technique involves scaring the victim into giving out sensitive information. For example, a scammer might call and claim that the victim’s bank account has been hacked and that they need to transfer their funds to a “safe” account to protect them.
- Influence or authority tactics: This technique involves using a position of authority or expertise to convince the victim to reveal sensitive information. For example, a scammer might call and claim to be from a government agency, such as the IRS, and threaten the victim with legal action if they do not provide their personal information.
- Diversion theft: This technique involves diverting the victim’s attention from the actual scam by providing false information or distractions. For example, a scammer might call and claim that the victim has won a prize, but first they need to provide their credit card information to “verify” their identity.
- Vishing: This is a type of phishing that uses voice calls, rather than email or text messages, to trick people into revealing sensitive information.
- Watering Hole: This technique involves compromising a website that is likely to be frequented by the target in order to infect their device with malware.
It’s important to be aware of these tactics so that you can recognise them if they are attempted on you. Always be cautious when providing personal information, and verify the authenticity of any request before responding.
Photo by kat wilcox: https://www.pexels.com/photo/crime-scene-do-not-cross-signage-923681/