For cybercriminals, 2022 was, no doubt, a lucrative year. The average data breach cost rose to $9.44 million in the US. The uptick in cybercrime will continue into 2023. In fact, experts predict that accumulated global losses could reach a staggering $8 trillion this year. Cybercrime often results in costly data and financial loss, massive operational disruptions, and reputational damage for organizations. As for individuals, it could mean loss of privacy, identity, money, and personal safety, in addition to compounded stress and anxiety.
But how have cybercriminals continued to thrive despite the impressive tech tools at our disposal to protect us? Human emotions are a major contributing factor to this trend. Trust, curiosity, fear, and empathy have all become pivotal weaknesses for cybercriminals to exploit. And that’s exactly what social engineering is all about. Let’s dig deeper.
Hacking vs. Social Engineering
In hacking, criminals forcefully break into systems to access personal or confidential data. Social engineering scams, by contrast, typically manipulate victims into providing that access themselves.
These fraudsters will use a raft of tactics to deceive victims. They primarily bank on basic human emotions—from empathy, kindness, and love to greed and fear. It is a highly prevalent and growing threat that seems to evolve in sophistication each year.
Social Engineering Tricks to Avoid in 2023
Awareness is critical to protect yourself from social engineering tricks in 2023. Here are the top scams to watch and what you can do to avoid falling prey.
Phishing is inarguably the most common type of social engineering trick in a cybercriminal’s handbook. According to Interisle Consulting Group, phishing scams grew by 61% in 2022. Given its high success rate, it will continue to be a favorite tactic for criminals in 2023 as well.
Phishing often involves an email with a virus-infected attachment or a link directing you to a malicious site. These links could even arrive through social media channels or message boards. But the goal is simple—to deceive you into either revealing personal data or performing a financial transaction.
But how do they do it? By winning your trust. The source of these emails and messages will typically seem trustworthy. It could carry the name of a friend, family member, coworker, former acquaintance, reputable retailer, or a familiar organization like your bank. Several technical tricks let a sender mimic someone else's email identity, which makes it easier to manipulate social engineering victims into letting their guard down.
So, how can you identify and avoid a phishing scam?
- Check the email address. The name might seem familiar, but the email address might not be. Often, it will vary slightly from the original one it is imitating. There could be an extra letter or a missing character.
- Compare the link text with its destination. The website name shown in the email and the URL it links to should match. To find out, hover the cursor over the linked text, and the website URL will appear either next to it or on the bottom left of your screen. Check whether it seems familiar or distorted.
- Never click on email links to access websites and account login pages of banks, retailers, and other service providers. Type in the URL instead.
- Install a virus guard to screen your emails for malicious attachments and block downloads if anything seems amiss.
A study last year found a five-fold increase in vishing attacks. So, building awareness is crucial to protect yourself from their advances in 2023.
Vishing is similar to phishing, but scammers rely on phone calls instead of emails to reach potential victims. Again, they will imitate a trustworthy source to “fish” for your data or trick you into sending them money.
For example, they could assume the identity of a reputable financial firm and ask you to confirm your social security number, full name, and date of birth to initiate a pre-approved loan. Or fraudsters could claim that you have won the lottery. They will then ask you to pay a processing fee before they can transfer the prize money to your bank. There is no guessing how you could experience a vishing scam—they are elaborate and diverse in nature and could be pretty convincing.
Here are a few tips for tackling this type of scam:
- Ignore calls from unidentified numbers. Before calling back, look up the number's owner on PhoneHistory.
- If an organization requests money or personal information over the phone, ask for some time to validate the request. Hang up, find their phone number in a phone directory or on their website, and call them back.
- Download a call-blocking app that can identify spam and scam calls.
- If you think you were contacted by a scammer, inform the Federal Trade Commission, Federal Communications Commission, and the local police.
Baiting is another common social engineering trick you can expect to escalate in 2023. As the term implies, this type of scam uses “bait” to lure victims. For example, a website could ask you to click a button to download your favorite movies for free. Or a fraudster could send a virus-infected USB device with an appealing label to tempt you into checking its content.
All these have one thing in common—some kind of bait to manipulate your emotions. They are designed to exploit your curiosity, fascination, greed, and other raw emotions and lure you into a scam.
Avoiding them is extremely difficult. The only hope is a good dose of caution. Do not allow emotions to misguide your decisions. Look beyond the outer appeal of any offer, object, or individual, and consider their true intentions before you act.
Emotional manipulation was a trick of scammers and fraudsters for centuries before the cyber age. But technology has given modern-day predators more sophisticated ammunition. The result is a dramatic escalation of social engineering tricks. Naturally, guarding against them has become pivotal at both work and home.
Amping up your tech barriers is essential to prevent cyber threats, including social engineering risks. Multi-factor authentication, virus guards, and regular software updates are non-negotiable measures in these efforts. But no number of digital tools can assure your safety if you are negligent and inattentive toward your data and financial security. Continued awareness of social engineering threats and a proactive approach to identifying and protecting yourself are crucial to ward off their advances.