In today’s interconnected world, bad actors use cunning psychological tactics to exploit our natural instincts. Social engineering scams frequently exploit our desire to help by using themes of sympathy and assistance to manipulate us. These scams often involve impersonating someone in need of help, triggering an emotional response that leaves out critical thought. Let’s explore how cybercriminals use these tactics and, most importantly, how critical thinking helps protect us from them.

Common Scams Using Sympathy and Assistance Themes

Emergency Impersonation Scams:

One of the most common scams is the “emergency” scenario, where a bad actor pretends to be a relative or friend in urgent need of help. Victims are told that their loved one is in an accident, stranded abroad, or needs immediate financial assistance. The urgency of the situation leaves little room for the victim to question the validity of the request. Bad actors typically execute these scams over the phone, through email, or on social media platforms. Over the phone, scammers may even use cutting edge technology to mimic a real family member or friend using Artificial Intelligence.

How It Works:

• The attacker collects personal information about the target through social media, data breaches, and publicly available online sources.
• They contact the target, claiming to be someone they know and use emotional manipulation, such as fear or guilt, to prompt immediate action.
• The victim is asked to wire money, transfer cryptocurrency, or share sensitive information like credit card details, to “help” them in their current situation.

Fake Charity Scams

Natural disasters, pandemics, or other crises, provide prime opportunities for scammers to create fake charities or relief funds. They exploit human compassion by requesting donations to supposedly help victims of these tragedies. In reality, the donations go directly into the scammer’s pockets.

How It Works:

• Attackers create legitimate-looking websites or contact potential donors through emails and social media posts.
• They often use images, videos, and emotional stories, to trigger feelings of empathy and urgency.
• Donors are prompted to send money via non-traceable methods, such as prepaid gift cards or cryptocurrency.

Romance Scams

In romance scams, bad actors build emotional connections with victims over time, posing as romantic partners. Once trust is established, they introduce a fabricated personal crisis, such as an unexpected medical bill or financial hardship, and request assistance. Because of the emotional connection the victim has with the attacker, they may provide money or other sensitive information.

How It Works:

• The scammer spends weeks or months fostering an emotional bond through dating apps or social media.
• After the emotional connection is made, the bad actor begins to make targeted requests, often involving financial assistance or personal information. They anticipate that the victim will respond emotionally rather than logically, causing them to overlook any red flags in these requests.
• Victims may end up sending large sums of money, only to discover that their “partner” is not real, and that they have taken the money and run.

Sympathy and Assistance Themes in Vishing Simulations

Now you might be wondering, do these social-engineering tactics actually work? And what about attackers that attempt to compromise someone in a work or corporate environment?

As a certified social engineer, I have seen firsthand how the use of sympathy and assistance themes work wonders in the vishing simulations we perform with our clients at Social-Engineer LLC. For instance, whether I’m pretending to call an employee from IT or HR, I absolutely love framing the pretext in a way that I need my target’s assistance.

One way of doing this is by pretending to be a “new employee” or what I call “the messenger.” Essentially, I convince my target that I’m simply carrying out a task assigned by my boss or that I’m new to the company and was given the task at the last minute. I use this to ask for assistance, claiming I’m just following instructions and don’t want to get in trouble. I have found that framing my pretexts this way is much more effective. So when I ask for a sensitive piece of information, my target feels that they are “helping the new guy.”

Protecting Yourself Through Critical Thinking

Despite the natural human desire to help others, critical thinking is essential to avoid scams that leverage sympathy and assistance themes. While it is important to be compassionate, it’s equally important to pause and assess the situation before acting. Here are some key strategies:

1. Verify Before You Act: Always double-check the identity of the person asking for help. If someone claims to be a friend or relative, contact them through a different method to confirm their story. Establishing a “safe word” with close family members can help verify identity and prevent deception in critical situations. For charities, research the organization thoroughly before donating.
2. Don’t Let Emotions Cloud Judgment: Scammers rely on emotional manipulation to create urgency and make you act quickly. Take a step back and evaluate the situation rationally. Ask yourself if the story makes sense or if it could be a ploy.
3. Use Secure Channels: When dealing with sensitive matters, such as financial transactions or technical support, only engage with official, verified channels. Be wary of unsolicited calls or emails that request personal information or ask you to download software.
4. Look for Red Flags: Watch for common signs of fraud, such as requests for payment via gift cards or cryptocurrency, high-pressure tactics, or suspiciously vague details about the crisis.
5. Educate Yourself and Others: Awareness is the first line of defense against social engineering attacks. Share knowledge about these scams with friends, family, and colleagues, especially those who may be more vulnerable.

Conclusion

While it’s in our nature to help others, we must exercise caution to avoid falling victim to scams involving the use of social engineering. Bad actors are adept at exploiting sympathy, but with critical thinking and vigilance, we can protect ourselves from becoming their next target. Helping others is noble, but doing so safely requires a balance between compassion and caution.

Written by:
Josten Peña
Human Risk Analyst at Social-Engineer, LLC

*** This is a Security Bloggers Network syndicated blog from Security Through Education authored by Social-Engineer. Read the original post at: https://www.social-engineer.org/general-blog/social-engineering-tactics-sympathy-and-assistance-themes/