What does a government scam, an IT support scam and a romance scam have in common? They all use psychology and social engineering skills to convince their victims to take an action that is detrimental to them. It’s easy to think “I know better” or “that will never happen to me.” The truth is, being human is enough for anyone to fall victim to a scammer’s tactics. One way to mitigate the effect of such tactics is by being aware of the techniques that scammers use. Let’s see what lessons we can learn from scam artists to better protect ourselves.

Impersonation

Frank Abagnale is widely recognized as the best con artist in American history. According to him, one of the ways he could successfully con people was through impersonation. In his book “The Art of the Steal” Frank Abagnale said: “Hotel clerks and merchants didn’t question pilots and doctors too closely.” He soon realized that when he impersonated doctors and pilots, people viewed him as someone with authority and would rarely question him if at all. This enabled him to cash nearly $2.5 million worth of checks. Con artists play on our own unconscious bias that people in authority are trustworthy.

Thanks to technology and social media, impersonation scams have grown exponentially. Impersonators create fake social media accounts that include the names, images, logos, or other identifying information, of a person, brand, or organization. This is one of the easiest forms of impersonation for scammers, which explains the drastic increase in the number of fake social media accounts. Facebook alone removed nearly 1.8 billion fake accounts in 2021. Impersonation is often used in phishing, SMiShing, and vishing. This means that most of us have already been exposed to impersonators via one of these methods.

Urgency

You’re done with your workday, about to log off. But at that very moment your boss emails you telling you to buy some Apple gift cards from a nearby store for a presentation they have. At first glance the email looks legit, but then you stop and realize he’s asking you to do something unusual. You realize the email is a scam. This scenario illustrates how scammers use urgency to trick people into giving them money or personal information. They may claim that you need to act immediately to collect a prize, pay a bill, or protect your identity. They may also say that there is only limited time to take advantage of a special offer. These tactics can be very effective in pressuring people into making a decision before they have time to think or verify if the offer is legitimate.

Prey on Emotions

Scammers have become experts in using social engineering techniques to their advantage. While not all social engineering is bad, scammers specialize in triggering emotions to exploit our weaknesses. They use emotions such as fear, curiosity, and greed, in order to get people to comply with their demands. At times, they may use sympathy and claim that they need money for an emergency situation. In other cases, they may appeal to your sense of generosity or kindness asking for donations for a good cause.

Lessons Learned

We can learn much by getting to know the tactics of our impostors. Some of the tactics they use include impersonation, creating a sense of urgency, and manipulating our feelings. Knowledge is power. Staying up to date regarding these attacks will increase our awareness and help to avoid falling victim to them. The Federal Trade Commission gives the following tips to avoid falling victim to scammers:

1. They PRETEND to be from an organization you know.

Scammers often pretend to be contacting you on behalf of the government. They might use a real name, like the Social Security Administration, the IRS, or Medicare, or make up a name that sounds official. Some pretend to be from a business you know, like a utility company, a tech company, or even a charity asking for donations.

They use technology to change the phone number that appears on your caller ID. So the name and number you see might not be real.

2. Scammers say there’s a PROBLEM or a PRIZE.

They might say you’re in trouble with the government. They may also say you owe money, or that someone in your family had an emergency, or that there’s a virus on your computer.

Some scammers say there’s a problem with one of your accounts and that you need to verify some information.

3. They PRESSURE you to act immediately.

Scammers want you to act before you have time to think. If you’re on the phone, they might tell you not to hang up so you can’t check out their story. They might threaten to arrest you, sue you, take away your driver’s or business license, or deport you. They might say your computer is about to be corrupted.

4. Scammers tell you to PAY in a specific way.

They often insist that you pay by using cryptocurrency, by wiring money through a company like MoneyGram or Western Union, or by putting money on a gift card and then giving them the number on the back.

The More You Know

The goal of a criminal is to keep you from thinking critically. They generally do this by targeting emotions, as discussed above. Because of this, the most powerful weapon against social engineering attacks is critical thinking. Given the emotional nature of these attacks, there may not be a specific tool or process that can prevent us from falling victim to human vulnerability. However, being aware of such vulnerability enables you to pause and think of the request. Ask yourself, is this request reasonable? Why are they asking this of me? Should I do this?

Corporations and individuals are becoming more aware of social engineering attacks and are looking for ways to protect themselves. One way to do this is by learning as much as possible about the tactics that malicious actors use, as well as implementing best security practices. Whether you want to protect yourself against social engineering attacks or learn more about human behavior, the Foundational Application of Social Engineering class is a 4-day immersive course that specializes in the field of social engineering offering practical exercises which provide a lasting learning experience.

Rosa Rowles

At Social-Engineer LLC, our purpose is to bring education and awareness to all users of technology. For a detailed list of our services and how we can help you achieve your information/cybersecurity goals please visit:

https://www.Social-Engineer.com/Managed-Services/.

*** This is a Security Bloggers Network syndicated blog from Security Through Education authored by Social-Engineer. Read the original post at: https://www.social-engineer.org/social-engineering/lessons-from-a-scam-artist/