Author: Lee Seidman
At the most basic level, “social engineering” is just a modern expression for “hacking the mind”: using persuasive techniques to influence and inspire action without cognition. The language itself invokes intimidation. The draw of extracting oneself from a condition of fear and/or the desire to comply, conform, or avoid embarrassment are strong motivators that scam artists leverage against their intended victims in a constantly evolving, creative set of ways.
With consumers having near-constant online access via smartphone technology, the trickery playbook for fraudsters/scammers became more anonymous while also adding a broader field of activity, resulting in scam attempts against individuals and companies being more financially successful than ever before (Better Business Bureau, 2022). Removing the glitzy, headline-catching vocabulary, these are just sales strategies performed with nefarious intent. According to Geali (2022), three (3) common methods are:
- Time pressure and illusion of scarcity
- Deferring to a perceived authority
- Enhancement of the individual experience
The characteristic these techniques share is that each applies psychological pressure on the intended victim to force him or her to comply quickly, without much thought about whether he or she should, which tends to lead to poor outcomes. The demand to act right away or risk losing a so-called “opportunity” invokes emotional reactions, which often do not coincide with pausing for analysis, questions, and forward thinking.
Perceiving another party as more knowledgeable/experienced in a matter can also capitalize on these same pressures. This may be why so many computer support scams are successful. A lack of confidence in the presence, even electronically and pseudo-anonymously, of a supposed expert often results in deferring to that party’s suggestions.
Fraudulent schemes that focus on providing gains of some measure to which others do not have access (financial, romantic, material, etc.), thereby enhancing one’s status or means without adequate information and experience, also introduce tension and discomfort similar to the other methods. Most people do not feel comfortable “missing out” on some rare engagement that could bring about some coveted outcome.
Since encountering a scam attempt via robocall, text message, social media, apps and games, etc. only seems to become more common, the best defensive preparation has to assume more of a “trust but verify” standpoint with respect to unexpected interpersonal engagements, especially semi-anonymous ones: social media/gaming direct messages (DMs); “accidental texts” from strangers who think they are writing to someone else but are interested in continuing the conversation anyway; e-mail phishing attempts; highly fascinating employment opportunities that may be too good to be true; and communication attempts urging you to unlock online accounts, respond to tax liability notifications, or validate an unexpected purchase. If there is an explicit expression of urgency to react with an action via these channels, that is an indication that defensive analysis is appropriate:
- Do not automatically validate any unexpected multifactor authentication (MFA) codes
- Be wary of scanning random Quick Response (QR) codes with your smartphone; consider these the same as clicking a link in an e-mail from an external source as they can connect your device to malicious sources
- If you are engaged in a phone conversation with someone seeking to offer services or payment, be inquisitive without mercy until you feel more aware of your stance regarding the topic
- Operating on the assumption that “something is too good to be true” is reasonable
- Any unknown entity without credibility that seeks personal information and/or money may not have good intentions with these details
Do not be afraid to inquire with IT Health Partners about our offers for ongoing cybersecurity awareness training and customized educational programs. Our programs ensure people have the necessary information to guard against different methods so they can be vigilant both professionally and personally. IT Health Partners strongly subscribes to the thought that cybersecurity best practices apply beyond the workday, and it develops training content that helps people become more confident and competent operating in the “digital/information age.”
Better Business Bureau Scam Tracker Risk Report – 2021. (2022). Cryptocurrency scams signal new marketplace risk. Better Business Bureau. https://bbbfoundation.images.worldnow.com/library/259c7333-0fb3-4bc0-a059-4b116594c473.pdf
Geali, L. (2022, February). Scam psychology: 3 common tactics fraudsters use to trick victims (and how to stay one step ahead). Stylist. https://www.stylist.co.uk/money/scam-psychology-tactics/623933