In general, as humans we desire to help our fellow humans. Unfortunately, this fact is exactly what they come to take advantage of attacks which are known as Social Engineering. Scammers who use Social Engineering attacks try to manipulate people to get things they want. What does an internet hacker want? The two basics, passwords and generally personal information that will help him learn more about his victim.
Social engineering is not a simple trick, there is a very well defined framework for this type of attack that is extremely detailed and contains specific attack methods. More details on all aspects of social engineering can be found at book of Chris Hadnagy.
Of course, no one wants to be the victim of a Social engineering attack, so it's important that you can recognize the attack when it's still in progress so you can respond appropriately.
1. If you are called from Technical Support
How many times have you called technical support and been on hold for a long time? How many times have you been called by some technical support, to solve a problem for you? problem that maybe you didn't even know about? The answer is probably: none.
If you get a call like this from someone claiming to be tech support, you should immediately think of a huge red flag warning you about a Social engineering attack. A company's technical support has a lot of incoming calls and is almost unlikely to start looking for on its own problems. Hackers on the other hand, when trying to get information such as passwords or trying to get their victim to visit malicious links containing malware, will try to impersonate people you trust.
Ask "technical support" to visit you at your place. Check their story, call them to a number that can be checked. If you are in an office, call them using their internal number.
2. Beware of Extraordinary Inspections
Social Engineers often disguise themselves as inspectors. They can hold a block, and wear some form. Their goal is usually to gain access to restricted zones in order to extract information or install software such as key loggers on computers within the target company.
Check with the company's supervisors to see if someone who claims to have come to check something is a real person. Call security and do not let them be close to a company system.
3. Do not fall into the trap of "act now" or "urgent"
One thing that all Social Engineers do to circumvent your rational thought process is to create a false sense of urgency.
Η pressure of acting quickly can override your ability to think about what's really going on. Never make hasty decisions when someone you don't know is putting too much pressure on you. Tell them you'll be back later because you're leaving now, or that you'll call them back when you've verified their story with a third party.
4. Watch the bullying tactics like "Help me or the boss will kill me"
Fear is another feeling - a means used by Social Engineers and other scammers to take advantage of the event. They will use fear, be it the fear that comes from a problem, or the fear of an expiring term, etc.
Fear, combined with a false sense of urgency, can shorten your thought processes and make you vulnerable to Social Engineers' requests.
