Tuesday, May 3, 2016

Digital Con-Men: Threats from Social Engineering

From snake-oil salesmen to over-the-phone crooks, con-men have manipulated the habits, behaviors and emotions of people to capture their attention, information and money. These days a new type of con artist has risen to prominence. Digital con-man, online fraudster, techno-crook. This type of criminal goes by many names, but the one thing they do have in common is that they utilise meticulous social engineering to worm their way into the lives of their victims.

Instead of using brute-force hacks and tactics, these fraudsters use subtle methods to make you part with key pieces of information and hard-earned money. Instead of attacking your digital system, they go after your ability to discern friend from foe. If you ever received an email from a “Nigerian Prince” looking to share some of his wealth with you, then you’ve seen a digital con-man in action. “I’d never fall for something like that”, you may say. But many have, and it has become such a problem that foreign agencies such as Interpol have a dedicated taskforce for these types of scammers.

Social engineering attacks are not limited to the Nigerian Prince scam or those like it. Other types of attacks like phishing involve impersonating family or friends and then asking the victim to lend them some money. Many a grandparent has fallen prey to this, believing that they are sending money to a grandchild who is in dire financial straits. Criminals will use email addresses that appear very similar to the legitimate address, or they may just hack the family member’s email account outright.
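The look-alike addresses mentioned above can be checked automatically. The following is an added example, not part of the original article: it compares a sender against an address book and flags near misses. The contacts, the substitution table and the two-edit threshold are all constructed assumptions for illustration.

```python
import unicodedata

# Constructed address book: senders the recipient really corresponds with.
KNOWN_CONTACTS = ["brian.hughes@example-accounts.co.uk", "emma.taylor@example.org"]

# A few common visual substitutions; illustrative, not a full confusables table.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("5", "s")]


def skeleton(address: str) -> str:
    """Fold an address to a form where visually similar strings collide."""
    text = unicodedata.normalize("NFKC", address).strip().lower()
    for fake, real in CONFUSABLES:
        text = text.replace(fake, real)
    return text


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed row by row."""
    previous = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        current = [i]
        for j, cb in enumerate(b, 1):
            current.append(min(previous[j] + 1,                # deletion
                               current[j - 1] + 1,             # insertion
                               previous[j - 1] + (ca != cb)))  # substitution
        previous = current
    return previous[-1]


def classify_sender(sender: str, contacts=KNOWN_CONTACTS, max_distance: int = 2):
    """Return ("known" | "lookalike" | "unknown", matched contact or None)."""
    plain = sender.strip().lower()
    if plain in (c.lower() for c in contacts):
        return "known", plain
    for contact in contacts:
        # Same skeleton, or only a couple of edits away: a near miss of a real contact.
        if edit_distance(skeleton(plain), skeleton(contact)) <= max_distance:
            return "lookalike", contact
    return "unknown", None
```

A "lookalike" result is a prompt to verify through another channel, such as a phone call, before acting on the message.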

Along the same lines, digital con-men prey on people’s niceness and willingness to help by pretending that they are a charity and are looking for donations or to raise funds for some cause. But, once the victim enters their credit card information to make the donation, the digital fraudster will run off with the card information and either use it or turn around and sell it on the digital black market.

Baiting schemes, in particular, depend on correctly reading the tendencies of their victims in order to be successful. Unlike other scams, which are proactive in asking for money or information from the victim, this scheme uses “baits” – content, often downloadable, that users covet or want. Once the content has been downloaded onto the victim’s device, a trojan or worm is usually activated and will start uploading information from the device.

The types of schemes and attacks are numerous. The tactics and strategies of these criminals are ever-changing as well. However, one thing they all have in common is that they require the victim to make quick, irrational decisions. A lot of these scams can be foiled by simply slowing down, reading everything thoroughly, fact-checking and actually engaging the person you think the email is coming from. Does your child or grandchild need that money right now? Does Brian from the Accounts Department really want me to send £25,000 to that bank account number? I’m sure that a quick phone call to them will not hurt. Does that free download seem too good to be true? Most likely it is, but perhaps it’s not. At the very least, run it through a couple of layers of anti-virus before installing.

This article was contributed by David Share from http://ift.tt/1TK1gm1.

from Daily Blog Tips http://ift.tt/1Z9Wvng