Whether or not you’re familiar with the terms “social engineering” or “ransomware,” you’re likely familiar with their underlying concepts.

Social engineering refers to the act of manipulating someone (often via digital communication) into providing sensitive information that could be used to commit fraud. Social engineering may target an individual, or it may target an entire business. And while it may sound simple to see through cons like these, the grim reality is that increased technology use allows scammers to appear remarkably convincing.

The best counterattack? Education! Here, we’ll explore social engineering (and some of its most common forms). The more you know about exactly how these scams take shape, the easier you’ll likely find it to prevent them from happening in the first place.

Social Engineering, Phishing and Ransomware Defined

Social engineering, in the most general sense, is the use of deception or emotional manipulation, usually through digital means, to scam victims out of private information that can then be used for fraudulent purposes. When it comes to the world of business, in particular, it refers to the use of deception to access sensitive data, private facilities, network systems and more by exploiting the trusting nature of employees.

It’s a simple enough definition, but social engineering takes many forms – it may involve a call from a scammer posing as a relative who needs money or an email in which the fraudster poses as a company CEO.

One of the most well-known forms of social engineering is phishing, which involves sending deceptive emails. The term “phishing” has also spawned similar names for deceptive phone calls (vishing) and text message scams (smishing).

Ransomware is one of the most serious online threats facing people and businesses today, and the most profitable form of malware criminals use. Hackers hold your files and systems “hostage” – often encrypting them – then demand payment, typically in bitcoin, before you get your files or system(s) back. For more information, check out the Federal Trade Commission’s videos featuring conversations with security researchers, technologists, law enforcers, and business leaders.

Common Examples of Social Engineering

Understanding the many ways in which social engineering can manifest is crucial if you’re intent on safeguarding your information and assets from scammers. Common examples worth noting include:

Just keep in mind that the above list covers only a few entries on the ever-expanding list of scam tactics that modern fraudsters rely on. With that said, we’ll dig a bit deeper into the first two of these common tactics below – tech support scams and caller ID spoofing (number spoofing) – to give you an idea of what to look for and make you a more alert consumer.

Tech Support Scams

Tech support scams are a type of social engineering attack that’s grown increasingly common. True to their name, these scams feature scammers who pose as tech support specialists via phone calls, pop-up messages or emails to trick victims into granting access to their computer or certain online accounts.

The one-time passcode (OTP) scam is a prime example. It involves a fraudulent tech support specialist asking you to provide a one-time passcode in order to fix an issue with a service you use. Then, once you provide the OTP, the scammer gains access to your account and any sensitive information (or features, such as the ability to send money) associated with that account.

Caller ID Spoofing

Caller ID spoofing is a scam that’s grown wildly popular since the rise of smartphones. Spoofing occurs when the scammer manipulates the call recipient’s caller ID to show a number other than the one they’re actually using. Sometimes it’s just any old decoy number to ensure the fraudster’s anonymity. Other times, however, the scammer will choose a local number or copy the number of a reputable business or agency to create a more believable scam.

Why is Social Engineering Dangerous?

The danger behind most forms of social engineering is fairly straightforward: Falling victim to scams places your financial well-being and personal information at serious risk. Successful scams often result in a direct and impactful loss of money and sensitive information, and can adversely impact your life in several other ways, like by damaging your credit.

Scams can deal serious reputational damage, too – especially to businesses who fall victim. Fraudsters who opt for social engineering tactics depend on human error and trust to succeed, and this can tank consumer and client trust.


How to Protect Your Information

As technology evolves, scammers are growing ever more creative in targeting unwitting victims. The bright side? There are a number of best practices you can follow to help.

  • Update your software. Use anti-virus software and keep it up-to-date. And set your operating system, web browser, and security software to update automatically on your computer. On mobile devices, you may have to do it manually. If your software is out-of-date, it’s easier for criminals to sneak bad stuff onto your device.
  • Think twice before clicking on links or downloading attachments and apps. According to one panelist, 91% of ransomware is downloaded through phishing emails. You also can get ransomware from visiting a compromised site or through malicious online ads.
  • Back up your important files. From tax forms to family photos, make it part of your routine to back up files on your computers and mobile devices often. When you’re done, log out of the cloud and unplug external hard drives so hackers can’t encrypt and lock your back-ups, too.
  • Never provide payment details or other sensitive information over the phone unless you initiated the contact with a reputable party. Legitimate businesses and government agencies will almost never request direct payment or sensitive details over the phone, if ever. They’ll never request unusual forms of payment, like cryptocurrency or gift cards, either.
  • Never hand over passwords or OTPs. It’s especially important to avoid sharing OTPs you didn’t request yourself, as unsolicited OTPs are often a sign that there’s a scammer at work.
  • Don’t grant someone access to or control of your computer if you didn’t connect with them yourself. If you receive an unexpected request for control of your computer in the name of “tech support,” it’s probably a scam.
  • If you’re concerned your payment information has been acquired, consider freezing debit and credit cards, or requesting new ones altogether. This should help cut scammers off from your money.
  • Consider freezing your credit if you’re not planning to apply for loans or credit cards in the near future. This prevents lenders from accessing your credit reports, which, in turn, prevents them from issuing credit in your name. It’s a particularly smart move if you think your Social Security number has been compromised.
  • Report the scam to the appropriate authorities. You can report suspicious activity or general fraud to the Federal Trade Commission. If you think your identity has been stolen, however – as is often the goal with social engineering – file an identity theft report, too.

Defend Your Data With Help From E-COMP

E-COMP offers a variety of cybersecurity insurance products. Get an instant quote and purchase coverage now. To schedule or learn more about the services, please contact your Account Manager or email [email protected].