
The Art of Deception: Common Social Engineering Techniques to Watch Out For

Social engineering is a type of attack that exploits technical systems through human vulnerabilities. Attackers use various techniques to manipulate individuals into divulging sensitive information or performing certain actions that compromise security. In this article, we'll explore three common social engineering techniques that you should be aware of: emotional manipulation, cognitive dissonance, and bypassing critical thinking.


Emotional Manipulation


Emotional manipulation is a technique used by social engineers to trigger strong emotions in their targets. By evoking emotions such as fear, excitement, or guilt, attackers can influence decision-making and create a sense of urgency. This can lead to impulsive actions that compromise security.


Examples of emotional manipulation in a cybersecurity context include:

  • Phishing emails: Attackers send emails that create a sense of urgency, such as "Your account will be closed if you don't respond immediately."



  • Scareware: Attackers use fake alerts or warnings to create fear, such as "Your computer is infected with a virus. Click here to download a fix."




  • Charity scams: Attackers use emotional appeals to solicit donations, such as "Help us save the children. Donate now and make a difference."



Cognitive Dissonance

Cognitive dissonance is a technique used by social engineers to create mental discomfort in their targets. By pressuring victims into taking actions that contradict their beliefs, attackers can create a sense of dissonance that makes them comply.


Examples of cognitive dissonance include:


  • Authority-based attacks: Attackers pose as authority figures and pressure victims into taking actions that contradict their beliefs, such as "I'm from the IT department. I need you to download this software to fix a security issue."



  • Social proof: Attackers use social proof to create a sense of conformity, such as "Everyone else is doing it. You should too."



  • Scarcity: Attackers create a sense of scarcity to pressure victims into taking actions, such as "Limited time offer. Act now or miss out."




Bypassing Critical Thinking

Bypassing critical thinking is a technique used by social engineers to prevent their targets from analyzing the situation carefully. By using urgency or overwhelming information, attackers can create a sense of confusion that makes it difficult for victims to think critically.


Examples of bypassing critical thinking include:


  • Information overload: Attackers provide too much information, making it difficult for victims to analyze the situation carefully.



  • Urgency: Attackers create a sense of urgency, such as "What if your boss found out? Help quickly and no one will ever know."




  • Complexity: Attackers use complex language or technical jargon to confuse victims and prevent them from thinking critically.




Prevention: Identifying Scammers

To protect yourself from social engineering attacks, it's essential to be aware of these techniques and take steps to prevent them. One way to do this is to use a codeword, a fake piece of information that you can use to identify scammers.


Here's how it works:


  1. Choose a codeword: Choose a word, phrase, or piece of information that you can use as a codeword. This could be a place, an animal, a name, or anything else that you can remember, which has no personal connection to you.

  2. Use the codeword in conversation: If you're talking to someone and you start to feel like something is fishy, use the codeword in conversation. For example, you could say, "I'm planning a trip to Tokyo next year." (Tokyo is the codeword.)

  3. Listen for the codeword: If the person you're talking to is a scammer, they may repeat the codeword back to you often. Or, if you hear or read the codeword shortly after the conversation in an additional call or phishing email, you know that the person is a scammer.
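The codeword works like a planted decoy: because it has no real connection to you, any later message that mentions it points back to the conversation where you planted it. The sketch below is an added example, not part of the original article; the names CodewordLedger, plant and check, the 14-day window standing in for "shortly after", and the sample messages are all assumptions constructed for illustration.

```python
import re
import unicodedata
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Plant:
    codeword: str         # the decoy fact you mentioned
    contact: str          # who you said it to
    planted_at: datetime  # when the conversation took place

def _normalize(text):
    # Fold case and strip accents so "TOKYO" or "Tókyo" still match "Tokyo".
    folded = unicodedata.normalize("NFKD", text)
    return "".join(c for c in folded if not unicodedata.combining(c)).casefold()

class CodewordLedger:
    def __init__(self, window_days=30):
        self.window = timedelta(days=window_days)  # assumed meaning of "shortly after"
        self.plants = []

    def plant(self, codeword, contact, when):
        # One codeword per suspicious contact, so a hit identifies one conversation.
        if any(_normalize(p.codeword) == _normalize(codeword) for p in self.plants):
            raise ValueError("codeword already in use")
        self.plants.append(Plant(codeword, contact, when))

    def check(self, message, received_at):
        """Return the plants whose codeword shows up in a later message."""
        text = _normalize(message)
        hits = []
        for p in self.plants:
            # Whole-word match only, so "Tokyoite" does not count as "Tokyo".
            pattern = r"\b" + re.escape(_normalize(p.codeword)) + r"\b"
            in_window = timedelta(0) <= received_at - p.planted_at <= self.window
            if in_window and re.search(pattern, text):
                hits.append(p)
        return hits

# Constructed sample data: two planted codewords and two inbound messages.
ledger = CodewordLedger(window_days=14)
ledger.plant("Tokyo", "caller claiming to be from the bank", datetime(2024, 5, 2, 10, 0))
ledger.plant("alpaca", "unknown 'IT support' caller", datetime(2024, 5, 3, 9, 30))

PHISH = "Exclusive TOKYO flight deals - confirm your card today!"
BENIGN = "Minutes from Tuesday's budget meeting attached."
```

A hit from check() names the contact the codeword was given to, which tells you which earlier conversation fed the follow-up message.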


The Call Center Hack

Another way to identify scammers is to use the call center hack. Here's how it works:


  1. Tell the caller you'll send an email: If someone calls you and asks for sensitive information, tell them that you'll send an email with a 10-digit verification code.

  2. Ask the caller for the last 4 digits: Ask the caller to tell you the last 4 digits of the verification code.

  3. If they answer, it's a scam: If the caller answers your request, you know that they're a scammer. (Because you never actually send the caller such an email, okay!)




General Protection from Social Engineering Attacks

To protect yourself from social engineering attacks, it's essential to be aware of these techniques and take steps to prevent them. Here are some tips:


  • Be Emotionally Aware: Be cautious of messages that create a sense of urgency or evoke strong emotions. Scammers often use emotional appeals to cloud your judgment.

  • Verify Before Acting: Always verify the authenticity of information and sources before taking any action. Check for red flags, such as spelling mistakes or suspicious links.

  • Take a Step Back: Take your time to analyze the situation carefully and think critically. Don't rush into anything that makes you feel uncomfortable.

  • Use Secure Communication: Use code words or pre-agreed phrases to verify the identity of the person on the other end of the conversation.

  • Ask Questions and Play Dumb: Don't be afraid to ask questions or pretend you don't understand something. Legitimate organizations will take the time to explain and help you, while scammers may become impatient or evasive.

  • Stay Up-to-Date: Keep yourself up-to-date to prevent exploitation of known vulnerabilities.


Thanks for reading! See you and have a great day :)


