In general, as humans we wish to help other people. Unfortunately, this is precisely what the attacks known as Social Engineering exploit. Scammers who use Social Engineering attacks try to manipulate people to get things they want. What does an internet hacker want? The two basics: passwords and, generally, personal information that will help him learn more about his victim.
Social engineering is not a simple trick; there is a very well-defined framework for this type of attack that is extremely detailed and contains specific attack methods. More details on all aspects of social engineering can be found in the book by Chris Hadnagy.
Of course, no one wants to be the victim of a Social engineering attack, so it's important that you can recognize the attack when it's still in progress so you can respond appropriately.
1. If you are called by Technical Support
How many times have you called technical support and been kept on hold for a long time? How many times has technical support called you to solve a problem that you may not even have known about? The answer is probably: none.
If you receive such a call from someone who claims to be technical support, you should immediately see a huge red flag warning you of a Social Engineering attack. A company's technical support has plenty of incoming calls and is very unlikely to go looking for problems on its own. Hackers, on the other hand, when trying to get information such as passwords or to make their victim click on malicious malware links, will try to disguise themselves as people you trust.
Ask "technical support" to visit you at your place. Check their story: call them back on a number that can be verified. If you are in an office, call them using their internal number.
2. Beware of Unscheduled Inspections
Social Engineers often disguise themselves as inspectors. They may carry a notepad and wear some kind of uniform. Their goal is usually to gain access to restricted zones in order to extract information or install software such as key loggers on computers within the target company.
Check with company supervisors to see whether someone who claims to have come to inspect something is actually a real person. Call security and do not let them get near any of the company's systems.
3. Do not fall into the trap of "act now" or "urgent"
One thing that all Social Engineers do to circumvent your rational thought process is to create a false sense of urgency.
The pressure to act quickly can bypass your ability to think about what's really going on. Never make hasty decisions when someone you do not know is pushing you too hard. Tell them that you will get back to them later because you are leaving now, or that you will call them back once you have verified their story with others.
4. Watch out for bullying tactics like "Help me or the boss will kill me"
Fear is another emotion that Social Engineers and other scammers use to take advantage of the situation. They will use fear, be it the fear that comes from a problem or the fear of an approaching deadline, etc.
Fear, combined with a false sense of urgency, can short-circuit your thought process and make you vulnerable to Social Engineers' requests.