Social Engineering Scams
Social Engineering describes a scheme that targets a small number of potential victims using any combination of the phishing techniques described above in a complex fraud. It could even involve an impersonator showing up in person with the goal of gaining physical access to a system or building. The purpose of Social Engineering is to psychologically manipulate targets into disclosing sensitive information or taking inappropriate actions. Many times, victims have no idea they did something wrong until the fraud is exposed.
Cybercriminals’ motives are the same with social engineering scams as with tech support scams. The goal is to motivate a user to complete a form or install something to access information or money. One example is an iPhone giveaway, which starts asking a series of questions on the first page. When the user is 20% done, there is a new questionnaire and then another questionnaire, until they have collected all the user’s confidential information and now the user is just 10% away from getting an iPhone. There’s nothing inherently wrong with these ads because they are legitimate rewards. There is no way to distinguish between legitimate and malicious ads because they are intermingled within the very fabric of internet advertising. One out of 10 ads are malicious, but they are precisely the same as legitimate ones, there are no files or malware to detect.
Example: Screen shots of iBitcoin frauds that are part of social engineering scams.
SlashNext Blog | Social Engineering Scams
Today, while man-in-the-middle (MiTM) attacks are still a big concern, the security endpoint has changed to the browser, creating a MiTB phishing threat that poses real danger.
It’s Time to Get Started with SlashNext
Learn how to leverage the industry’s best zero-hour phishing protection and IR solutions in your environment.