Question from Lona: Hi, Rick. I have a really short question that I’d like to ask if you don’t mind.
What does the term “Social Engineering” mean? I keep hearing it but I don’t have a clue what it is.
Rick’s answer: You’re right, Lona. That was a short question (and a good one).
In a nutshell, Social Engineering is the use of old-fashioned trickery to persuade you to give up personal or otherwise sensitive information (or access to your computer or accounts) that you would normally keep to yourself.
Fraudsters and hackers use many forms of Social Engineering on us, and many of them are difficult to detect and resist.
These fraudulent tactics often work because they are designed to create fear or urgency, to borrow the authority of a company you already trust, or to exploit our natural human tendency to want to get something for nothing.
Here are a couple of examples of what I’m talking about…
1 – Someone calls you on the phone claiming to be from Microsoft or Apple.
He tells you that your PC or Mac is infected with malware and you need to let him take control of your computer remotely over the Internet so he can remove the malware for you.
This is a common scam that I’ve written about before, and if you fall for it you’ll be giving a hacker or scammer complete control of your computer and every piece of sensitive information that’s stored on it.
In some cases a scammer will actually ask for an up-front cash payment in exchange for having him remove the malware for you remotely via the Internet.
This is even worse than the scam mentioned above because he not only ends up with access to your computer, but with a chunk of your hard-earned cash up front to boot.
In either of these situations there is probably no malware on your computer at all. If the call was prompted by a scary pop-up warning, that pop-up is itself the only malicious thing on the machine, and its whole job is to get you to call the number on the screen.
In other words, the message is nothing more than a ruse intended to trick you into giving the scammer an easy “paycheck”.
2 – Someone sends you an email telling you that your PayPal account or bank account has been restricted until you verify your personal information. They then provide you with a link to click so you can log into your account and verify your info.
The problem is, the link they send you is to a fake login page that looks pretty much identical to the one on the real PayPal or bank website.
When you attempt to log in using the form on the fake page, your login credentials are captured.
The crook can then use your stolen login information to log in to your account on the real website and steal your money.
This type of ploy is known as a phishing attempt (the scammer is phishing for information).
Luckily, it’s pretty easy to recognize and avoid phishing attempts if you know what to look for.
In another common variation of this scam the scammer will call you on the telephone claiming to be from your bank or from PayPal.
Instead of sending you a link to a fake login page they’ll just come right out and ask for your login information on the phone, ostensibly to “verify your identity”.
If you comply and hand over the info you’ll be giving the scammer immediate and complete access to your bank account.
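A quick way to see what “know what to look for” means in practice is to inspect where each link in a message actually goes before trusting it. The Python script below is an added example and is not part of Rick’s answer: it parses a constructed sample e-mail body (a made-up message written for this example, not a real phishing sample) and flags any link whose real destination is not under the domain the message claims to be from, points at a bare IP address, uses plain http, or displays one web address as its visible text while linking somewhere else. The registrable_domain helper keeps only the last two DNS labels, a simplification that is wrong for suffixes such as co.uk.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import ipaddress

# Constructed sample of a phishing e-mail body for this example (not a real message).
SAMPLE_EMAIL_HTML = """
<p>Your PayPal account has been restricted until you verify your information.</p>
<p><a href="http://paypal.com.account-verify-secure.example/login">https://www.paypal.com/signin</a></p>
<p><a href="https://www.paypal.com/help">Help Center</a></p>
<p><a href="http://203.0.113.45/pp/login.php">Click here to restore access</a></p>
"""


class LinkExtractor(HTMLParser):
    """Collect (visible text, href) pairs for every <a> element in the message."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def registrable_domain(host):
    """Last two DNS labels of a host name. Simplification: wrong for
    multi-label public suffixes such as co.uk, but enough to show the idea."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def is_ip_address(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_link(text, href, trusted_domain):
    """Return a list of reasons this link looks like phishing (empty = nothing found)."""
    reasons = []
    parsed = urlparse(href)
    host = parsed.hostname or ""
    if not host:
        return ["no host name in link"]
    if is_ip_address(host):
        reasons.append("link points at a bare IP address")
    elif registrable_domain(host) != trusted_domain:
        # paypal.com.account-verify-secure.example is NOT paypal.com:
        # only the right-most labels decide who owns the name.
        reasons.append(f"link host {host} is not under {trusted_domain}")
    if parsed.scheme == "http":
        reasons.append("link uses plain http")
    # Visible text that looks like a URL but points elsewhere is a classic tell.
    shown_host = urlparse(text).hostname if text.startswith(("http://", "https://")) else None
    if shown_host and registrable_domain(shown_host) != registrable_domain(host):
        reasons.append(f"text shows {shown_host} but link goes to {host}")
    return reasons


def suspicious_links(html, trusted_domain):
    """All links in the message that trigger at least one warning."""
    parser = LinkExtractor()
    parser.feed(html)
    flagged = []
    for text, href in parser.links:
        reasons = check_link(text, href, trusted_domain)
        if reasons:
            flagged.append((text, href, reasons))
    return flagged


if __name__ == "__main__":
    for text, href, reasons in suspicious_links(SAMPLE_EMAIL_HTML, "paypal.com"):
        print(f"{text!r} -> {href}")
        for reason in reasons:
            print("   ", reason)
```

Run against the sample, the “Help Center” link passes because it really is under paypal.com, while the other two are flagged: the first because its host ends in account-verify-secure.example even though it starts with “paypal.com”, and the last because it points at a raw IP address. The same check is what your mail client shows you when you hover over a link without clicking it.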
Those are just two of the most common types of Social Engineering being used today.
There are far too many forms of Social Engineering out there to mention them all here, and more are being schemed up all the time.
That’s why it’s so important to be on the lookout for them so you can avoid becoming a victim.
Bottom line: Social Engineering is really just simple trickery.
You are told a lie in order to entice you (or scare you) into handing over complete control of your computer or an important account’s login credentials and/or other sensitive information to the scammer.
My advice is to automatically treat anything you receive in your email inbox or via an unsolicited telephone call as a scam until you check it out directly with the company in question, using a phone number or website address you look up yourself rather than one given to you in the message or by the caller.
Any time you receive ANY email correspondence from PayPal, your bank, or any other online entity that contains a link to a login page, go to their website directly and log in to your account from there.
NEVER click the link in the email and try to log in on the landing page!
If the email is legit you’ll find the very same info and warning contained within the email somewhere within your actual account. And trust me, if it’s important they’ll make sure you can easily see it the moment you log in.
Also, if someone calls you on the phone claiming to be from Microsoft or Apple insisting that they need to access your computer remotely in order to fix a problem, hang up immediately. Those companies NEVER do that. EVER.
Bonus tip: Enable two-factor authentication on all of your online accounts that support it. With it turned on, your username and password alone aren’t enough to log in; the scammer also needs the second factor, which is usually a code sent to or generated on your mobile phone. One caveat: some phishing pages ask you for that code too and pass it straight through to the real site while it is still valid, so never type a code into a page you reached from an email link, and where an account offers it, prefer an authenticator app, a hardware security key, or a passkey over codes sent by text message.