Social Engineering: The New Tricks by Online Con-Artists

The Non-Techie Guide to Understanding How it Works.

Have you seen the movies Matchstick Men, Catch Me If You Can, or Sneakers?

If you have, then you’ve seen plenty of social engineering in action.

Social Engineering, in the context of information security, is the art of manipulating human behavior or psychology to gain access to confidential information, buildings, systems or data. For example, a social engineer who wants access to your building won’t do it by hacking your security system, he’ll convince one of your employees to let him in.

In short, it’s easier for criminals to take advantage of your natural inclination to trust and be liked than it is to find ways to hack your machine.

Any security professional will tell you that the weakest link in the security chain is the human who accepts a person at face value.  You can have all the bells and whistles money can buy in terms of security systems along with several deadbolts on your door; but if you open your door to the pizza delivery guy or someone who wears a police uniform without first checking if he’s legit, you’re left exposed to whatever threat he might actually represent.

Here are some situational examples of social engineering:

At the office:

“Can you hold the door for me? ” How often have you heard that in your building? While the person asking may not seem suspicious, this is a very common tactic used by social engineers.

Some social engineers, using the tactic known as Pretexting, will pretend to be a customer or another employee from a different department or branch seeking assistance. When the attacker poses as a peer and slips in the occasional gripe or piece of office gossip gathered from social media, the target may let his guard down and share information more freely.

A cigarette is also a social engineer’s best friend. In the tactic known as Tailgating, a social engineer might wait near the smoking area where employees often go for breaks. Assuming he’s just another fellow office smoker, real employees will let him through the back door without question.

On the phone:

A social engineer might call and pretend to be a fellow employee or a trusted outside authority like law enforcement to make you feel comfortable.  He might learn the corporate lingo or use other techniques like recording the “hold” music a company uses when callers are left waiting on the phone.

Online:

Social networking sites such as Facebook, LinkedIn, and blogs have inadvertently made social engineering attacks easier because it now only takes a matter of minutes to put together detailed information to make a social engineering exercise seem credible.

With online scams, social engineers leverage both fear and curiosity, such as sending phishing emails, conducting tech support scams, or luring vulnerable people with romance/dating scams.

Information is the Currency of Social Engineering

Social engineering relies heavily on the 6 Principles of Influence established by Robert Cialdini.  What this means is that criminals will need to spend considerable time getting to know a place or a person they’re targeting.  They will gather and analyze all the information to see which area of influence you are more vulnerable to.

The problem is this:

More and more details about our lives are splashed all over the internet, so what used to take months to collect now often takes days or even a few hours.

The more generous or carefree you are with your personal information online, the more strangers (in addition to your friends) know about you, and the more “usable” information you have possibly handed a social engineer to target you with.

How to make yourself less of a target.

Here are some tips, provided by experts, to help you lower your Internet profile and reduce the amount of personal information about yourself that is available online.

Never give out information by clicking a link or when someone calls you. When the retailer Target was hacked, they announced they were offering free credit reports. Social Engineers “targeted” customers with a scam email offering the free credit report.

Don’t put anything on social media or online that you wouldn’t want hackers to know.  That’s a slice of personal history that gives a Social Engineer plenty to work with and the more they can prove they know (about) you, the more trusting you become.

Keep watch over what you’re tagged in on others’ profiles. You may not be actively posting on your social media accounts, but your friends, family, and coworkers may be doing the work for you. Keep a close eye on where and how you’re tagged online, and adjust your privacy and permission settings to retain control.

Don’t be a social engineering victim.

Online awareness is the number one defensive measure against social engineering.

“People inherently want to trust, that’s what a successful social engineering attack comes down to,” says Chris Blow, offensive security architect at property and casualty insurer Liberty Mutual.  “People don’t want to appear skeptical of another person’s actions.  Most people want to be kind and courteous and are trained to be compliant, especially in a work environment.”

But we all remember the advice we heard from parents and teachers when we were young. “Beware of strangers.” That’s a good reminder for the “invisible” strangers online.

Help your employees, co-workers, family, and friends be aware of social engineering and be familiar with the most commonly used tactics.

About The Author: Chris Parker

Chris Parker is the founder of WhatIsMyIPAddress.com, one of the world’s most popular websites for online privacy and security with over 13 million monthly visitors. He is also the host of the Easy Prey podcast, where he interviews experts and survivors to uncover the tactics behind scams, fraud, and digital manipulation. Chris is the author of Privacy Crisis: How to Maintain Your Privacy Without Becoming a Hermit, a practical guide to protecting personal information in today’s surveillance-driven world. His work has been featured on ABC News and numerous podcasts, making him a trusted voice on how to stay safe, secure, and private online.