Social engineering is nothing new. It’s a tool of psychological manipulation that’s been used since the dawn of man.
Sometimes it’s fairly harmless, like a child sweet-talking his mom in order to get extra candy.
Social engineering taps into the human psyche by exploiting powerful emotions such as fear, urgency, curiosity, sympathy, or the strongest feels of them all: the desire for free stuff.
Which is why cyber criminals have caught on.
Cyber crooks use this dangerous weapon to get at the weakest link: us. They know that the easiest way to penetrate a system is to go after the user, not the computer. Why use some hard technical flaw to acquire a password when you can simply ask the user for it?
A popular social engineering tactic is the technical support scam. An alert pop-up will appear on the screen that tells the user he is infected and needs to download a malware application. The user, fearful of infection, will download the fake antivirus or anti-malware application that is instead a vehicle for delivering malware.
I had a client – an elderly lady in her early seventies who became a victim of such tactics. Only thing she was trying to do was to activate her newly purchased Magic Jack phone adapter. According to her, she called Magic Jack support to get help installing & activating it. Not sure what number she called but web is full of such fake look alike sites which pulls up on top of search when you try to find some help for anything computers and if you are not careful, you end up calling some crook who is out to get you. So the person at the other end concluded that her computer has some kind of virus due to which she is unable to install/activate Magic Jack. The agent suggested that he can ask some support company to call and help her with that issue. She received the call in next few minutes and followed the instructions of caller who tricked her to download & install malware which resulted in locking her out and asking for ransom of $299.
I have had many other clients who have fallen victims like this while trying to find solutions for wide variety of problems online. Best thing is not to allow anyone whom you don’t know connect remotely to your computer or to download and install any program you don’t know, understand or checked the authenticity on site like VirusTotal.