
RSN™ Guide:

You have probably heard that term before.

What is it?

Social engineering, in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information.

It is a type of confidence trick (scam) for the purpose of information gathering, fraud, or system access. It differs from a traditional “con” in that it is often one of many steps in a more complex fraud scheme.

The term “social engineering”, as an act of psychological manipulation of a human, is also associated with the social sciences, but its usage has caught on among scammers and among computer and information security professionals.

It can be used for good and bad.

As an attack vector, social engineering has been utilized in many different crime areas and cybercrime is no exception. In fact, many internet security companies continuously highlight the human factor as the weakest link in cybersecurity. Influencing people into acting against their own interest or the interest of an organization is often a simpler solution than resorting to malware or hacking.

Both law enforcement and the financial industry indicate that social engineering continues to enable attackers who lack the technical skills, the motivation to use them, or the resources to purchase or hire them. Additionally, targeted social engineering allows those who are technically gifted to orchestrate blended attacks that bypass both human and hardware or software lines of defense.

Key threats:


Social Engineering Fraud

Criminals exploit a person’s trust in order to find out their banking details, passwords or other personal data.

Scams are carried out online – for example, by email or through social networking sites – by telephone, or even in person.

Types of social engineering fraud

Social engineering fraud can be divided into two main categories:

  • Mass frauds, which use basic techniques and are aimed at a large number of people;
  • Targeted frauds, which have a higher degree of sophistication and are aimed at very specific individuals or companies.

While the scams themselves differ, the methods used by criminals generally follow the same four steps:

  • Gathering information
  • Developing a relationship
  • Exploiting any identified vulnerabilities
  • Execution

Among the well-known types of scam are:

Fraudsters obtain the phone number of an individual, often an elderly person, then call them pretending to be a family member or public service and claiming to be in urgent need of cash.

They ask for money to be deposited in a designated bank account or delivered by hand in order to settle a traffic accident claim, loan shark debt, or other pressing financial need.

Pretexting involves creating a scenario to engage a targeted victim; for example, impersonating a bank manager or tax inspector to convince the target to share personal information such as account numbers or passwords. This type of scam requires the criminal to conduct research on the victim, in order for the story to appear plausible.

Phishing uses a more generic scenario which is sent to a large number of people in an attempt to draw in as many victims as possible. This is usually done by e-mail and appears as if it comes from a legitimate source which many people frequent, such as popular online shopping websites, e-mail companies or computer tech support companies. The same techniques can also be executed by phone (Vishing) or by text message (SMishing).

BEC / CEO Fraud / Manager Fraud

Fraudsters gather publicly available information – usually through the Internet – about the company to be targeted.

They find out details of the head of the company and of the managers and employees who are authorized to handle cash transfers.

The criminals use this data in order to impersonate the head of the company and coerce employees into making an urgent and high-value cash transfer to a designated bank account.

A cybercriminal hacks into an individual’s e-mail account and sends messages to their friends, relatives or colleagues claiming to be in trouble, for example, and needing money.

The recipient is unaware that the e-mail is not actually coming from the person they know, making them more inclined to assist – and thereby assist the criminal in gaining money or accessing their accounts.

Sweepstakes or Lotteries

A person receives a message along the following lines: ‘Congratulations, you are the grand prize winner! To claim your prize, all you need to do is pay a processing fee so we can release your winnings.’

Very often, names of popular companies or organizations are misused to give the lottery a trustworthy impression.

Despite making the requested payment, the victims never receive the expected prize winnings.

Other Local Scammer Techniques Include:

  • Forensic recovery – Analysis of non-securely disposed materials (USB keys, hard drives);
  • Quid pro quo – Exchange of sensitive information under a misunderstanding or false pretenses;
  • Baiting – Leaving an infected storage device to be picked up and plugged into a computer;
  • Tailgating – Following someone to access secured premises;
  • Diversion theft – Redirecting a courier or transport delivery to another location.

SCARS|RSN™ RomanceScamsNow.com™ is the official knowledge and victims' support publication of the Society of Citizens Against Relationship Scams™ Incorporated [SCARS]™. It is edited and published by the SCARS|RSN Team, a division of SCARS.