Social Engineering: Eight Common Tactics

A refresher course on some of the most prevalent social engineering tricks used by phone, email and Web.

3. Borrowing your 'hold' music

Successful scammers need time, persistence and patience, said Lifrieri. Attacks are often done slowly and methodically. The build-up not only includes collecting personal tidbits about people, but also collecting other "social cues" to build trust and even fool others into thinking they are an employee when they are not.

Another successful technique involves recording the "hold" music a company uses when callers are left waiting on the phone.

"The criminal gets put on hold, records the music and then uses it to their advantage. When he or she calls the intended victim, they talk for a minute and then say 'Oh, my other line is ringing, hold on,' and put them on hold. The person being scammed hears that familiar company music and thinks: 'Oh, he must work here at the company. That is our music.' It is just another psychological cue."

4. Phone-number spoofing

Criminals often use phone-number spoofing to make a different number show up on the target's caller ID.

"The criminal could be sitting in an apartment calling you, but the number that shows up on the caller ID appears to come from within the company," said Lifrieri.

Of course, unsuspecting victims are more than likely to give private information, like passwords, over the phone if the caller ID appears to legitimize the call. And the crime is often undetectable afterward, because if you dial the number back, it goes to an internal company number.

5. Using the news against you

"Whatever is going on in the headlines, the bad guys are using that information as social engineering lures for spam, phishing and other scams," said Dave Marcus, director of security research and communications for McAfee Avert Labs.

Marcus said Avert has seen a rise in the number of presidential campaign-related and economic crunch-based spam emails lately.

"There have been a bunch of phishing attacks related to banks being bought by others," said Marcus. "The email will say 'Your bank is being bought by this bank. Click here to make sure you update information before the sale closes.' It's an attempt to get you to release your information so they can log into your account to either steal your money or sell your information to someone else."
