How to Avoid Social Engineering Scams

October 1, 2019

 

How to Avoid Social Engineering Scams

One of the worlds worst optimistic views is the common belief that they can not be a victim of hacking, scams, etcetera. At this point, the existence of hackers and scammers is the worlds worst kept secret. Some of the victims are those that do not understand value of their personal information. A hacker/scammer will always find value in any/all personal information.

Now how do they get that information?

The simple answer is social engineering. There are professional demonstrators out in the world like John Sileo. This man can talk a person out their phones and personal information in one sitting. Volunteers didn’t notice their personal information was stolen. Most would say, “it was just a delightful conversation.” So this is important! Think about your automotive shop. Now think, who’s answering the phone? Are they aware of the scams that are going on? When talking about security there is an optimism bias making social engineering all the more dangerous. The second definition of social engineering is, “the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.” (from online Oxford dictionary)

Social Engineering in the works!

Identity theft, hacking, phishing emails, and other categories of cyber crimes. A common attack to a shop’s personal information are person to person or person to email attacks. These cyber criminals are calling shops, asking for information, and pretending to be credible source; however you can’t verify who they are. The alarm bells should be ringing at this point. If there is no way of establishing who the caller is, hang up then report to the authorities. Do not, I repeat, do not give any kind of personal/business information to unknown source. In the past, there have been billing departments who had their emails phished by pretending they were the companies CEO. The invoice looks credible and they pay said invoice. Only to find out the money went offshore.

Survey Says!

Of course, this is nothing new, but its still relevant today! Thirty percent of the surveyed population, for this type of social engineering, had no idea that it was social engineering. They never knew they were actually baited in giving away personal/business information. In essence, there is a high likelihood of an employee manipulated into offering a shop’s information.

“They’ll trick you into circumventing your brain security plan even if you know what you’re supposed to do!” – Donny Seyfer

Five Common Techniques!

There are five common tools of the trade that cyber criminals love to use.

1. Authority – “I’m with your credit card company and I need all the information for this because we’ve got to make sure that it’s set up right!”

These are the pushy scammers that will create illusion of authority to con an employee .

 

2. Charming – “Oh you know I needed to get this piece of information from you and my husband’s at work right now…”

A lot of them incorporate or are women. Women, by default, create a less protective and less suspicious environment.

 

3. Fear and/or Urgency – “If I don’t get this taken care of right now your accounts going to be shut off!”

One of the big ones, these con artists will tempt to scare the victim to reveal sensitive information.

 

4. Reciprocity – “Hi, we’ve noticed your content has been skyrocketing on [blank] and we an advertising firm that would like to invest in your company.”

or “Hi we’re [blank] and we were offering a paid survery at [blank] for $200. Please call us back at this toll free number today.”

Makes it sound like a deal right? Most people respond without looking up the company.

Reciprocity means, “I’m going to give you something and you’re going to give me something.”

They make it sound like you are going back and forth. Be assured the only a one sided deal.

 

5. Targeted Responses – “MajorDeann$2, that’s the password you typically use. Now that I have your attention…”

These phishers love shocking people with pieces of information. Information that was stored from dead accounts, hacked servers, and by other means.

Scammers always have a spectacular excuse, some even pretend to be from your bank. Claiming nonsense like, “Someone’s hacking into your account, but I can stop it.

I just need some security questions answered.”

You know, the security questions that all bank employees need…

Rapid Detection!

There are plenty of software out there to help protect one’s livlyhood. Altough there is no such software for a human brain. That’s why as a shop owners, technicians, and citizens need to think on your feet. Rapid detection is the only real way to ensure secure information against social engineering.

Just remember to always set this trigger in your brain, “Would I do this normally? If not, why am I doing it now?”

 


Related Course

View Course

Cyber security is in the news, all the time. And with today’s vehicles having a huge amount of digital connectivity not only internally between modules and components, but externally via wi-fi and navigation systems, the chance for “hacking” is all to real. Cyber security expert and NASTF Executive Director Donny Seyfer shows you to be aware of and how to prevent yourself and your customers from becoming victims of hacking attacks.

Read More

Sponsor
AVI © 2024
ASE Accredited