The great combinator Ostap Bender honored the criminal code. He preferred psychological tricks to banal robbery, so that the victims of his charm would voluntarily give up the keys to the apartments where the money was lying. Later, a special name was invented for such frauds — social engineering. We tell you what schemes social engineers use today and how to protect themselves from them.
Who are social engineers?
In a broad sense, these are specialists who know how to manipulate others. But usually we hear about those social engineers who use psychological techniques to lure money or data to access someone else's account.
According to statistics, in most cases people lose their savings not because their accounts are hacked by hackers. Bank card holders most often themselves inform fraudsters of their full details, including the number, expiration date, three-digit CVV /CVC code, as well as passwords and SMS codes that banks send to confirm transactions.
Even the smartest and most cautious people sometimes get hooked on fraudsters. We analyze the most common psychological tricks used by scammers.
Build trust
Scammers often present themselves as those from whom people do not expect a trick: employees of banks, tax service, law offices and other official organizations.
A social engineer can pretend to be your friend or relative, for example, by hacking or duplicating their accounts in social networks.
Usually, before making contact, social engineers try to find out as much as possible about a potential victim. They find out a person's data, most often with the help of phishing sites. Or they buy ready-made information databases with personal data that have leaked to the network.
Quite often, people themselves publish phone numbers, email addresses on social networks and even post photos of their bank cards.
This information is not enough to steal money right away. But it's enough to start a conversation and lull vigilance. When fraudsters address people by name and patronymic, call the card number or other confidential data themselves, it seems that they really represent a familiar organization or person.
Fake phone numbers, documents and websites
It is often difficult to immediately guess that you are dealing with scammers. They know how to masterfully disguise themselves:
Intimidate by losing money
To cause fear is already half the battle for the deceiver. A frightened person is much better susceptible to suggestion. For example, a fraudster calls "from the bank's security service" and informs that a suspicious operation is being carried out on the card "right now".
The confused "client" is offered to urgently call a three-digit code from the back of the card in order to cancel the transaction. Or transfer money to a certain "safe account".
If a person succumbs to panic and follows the instructions of the "experts", then, without knowing it, he himself will send all the savings to the scammers.
Lure with a win
Scammers actively exploit people's desire for easy enrichment. They create special sites with attractions of unprecedented generosity. For example, they offer to take a survey with a tempting monetary reward or participate in "win-win" contests, receive social benefits or return taxes.
These sites are advertised by fraudsters on social networks, sent out in messengers, by e-mail and SMS. Often, such advertising is accompanied by photos and glued cuts from videos with media personalities who encourage people to participate in this scam. By clicking on the link to the contest or lottery website, a person sees a lot of enthusiastic reviews from those who allegedly have already received their money.
However, in reality, instead of cash prizes, people are waiting for only losses. The organizers of the scheme, under various pretexts, ask them to enter card details in order to pay a symbolic tax, the services of "lawyers" or a commission for participation. The main danger lies not in the loss of an insignificant amount. After a person leaves confidential information on a phishing page, fraudsters gain access to the money in his account.
Restore justice
As a rule, fraudsters maintain databases of people who have already succumbed to their deception once and may fall for their tricks again. For those who lost money on financial pyramids, pseudo-galleries and other scams, scammers offer "compensation".
The goal is still the same — under the pretext of paying for "lawyer services" or "money transfer fees", a person is persuaded to specify the full details of the card so that he gets a chance to lose his money again.
Use high-profile information occasions
Fraudsters are becoming more active against the background of various disasters, natural disasters and epidemics. For example, during the coronavirus pandemic, fraudsters collect money "for the development of a vaccine" under the guise of the World Health Organization.
Social engineers follow the news and moods and quickly adapt to the current situation. During the period of self-isolation, they send SMS messages to everyone about a "fine" for violating quarantine with reference to non-existent laws.
On behalf of the airlines, they offer "compensation" for canceled flights in exchange for secret bank card data.
The most desperate dress up in protective suits and go to the apartments. They tell people that their neighbors have a "positive test for coronavirus." Therefore, they should also take the test — for a reasonable fee. The results of the smear can wait indefinitely, scammers are only interested in paying for their visit.
Do not give time for reflection
Scammers are deliberately hurrying and pushing to deprive a person of the opportunity to make an informed decision in a calm environment. They demand to transfer money immediately, urgently pay for any service, "as soon as possible" to give a secret number, password or code.
If you feel obvious pressure when trying to make any financial decision, this is a sure sign that you are dealing with fraudsters. At the slightest suspicion, hang up the phone and call the bank yourself by calling the hotline — it is on the organization's website and on the back of the bank card.
How to protect yourself from social engineers?
Scammers are constantly coming up with new schemes of deception. The only way to avoid money losses when meeting with scammers is to take any suggestions critically, double—check the information and never rush into making financial decisions.
Follow the basic rules of financial security:
Who are social engineers?
In a broad sense, these are specialists who know how to manipulate others. But usually we hear about those social engineers who use psychological techniques to lure money or data to access someone else's account.
According to statistics, in most cases people lose their savings not because their accounts are hacked by hackers. Bank card holders most often themselves inform fraudsters of their full details, including the number, expiration date, three-digit CVV /CVC code, as well as passwords and SMS codes that banks send to confirm transactions.
Even the smartest and most cautious people sometimes get hooked on fraudsters. We analyze the most common psychological tricks used by scammers.
Build trust
Scammers often present themselves as those from whom people do not expect a trick: employees of banks, tax service, law offices and other official organizations.
A social engineer can pretend to be your friend or relative, for example, by hacking or duplicating their accounts in social networks.
Usually, before making contact, social engineers try to find out as much as possible about a potential victim. They find out a person's data, most often with the help of phishing sites. Or they buy ready-made information databases with personal data that have leaked to the network.
Quite often, people themselves publish phone numbers, email addresses on social networks and even post photos of their bank cards.
This information is not enough to steal money right away. But it's enough to start a conversation and lull vigilance. When fraudsters address people by name and patronymic, call the card number or other confidential data themselves, it seems that they really represent a familiar organization or person.
Fake phone numbers, documents and websites
It is often difficult to immediately guess that you are dealing with scammers. They know how to masterfully disguise themselves:
- They replace the number from which they call or send a message. With the help of special software, they manage to hide the real number, and, for example, a familiar bank phone is displayed on your screen during their call.
- Fake documents: with the help of Photoshop, criminals create fake tax notices, receipts for fines, bills for apartments and send them to their home address, by SMS or email. If a person pays for such a notification, all the money will go to the scammers:
- Copy the websites of banks, microfinance organizations, insurance companies, popular online stores, as well as ad portals and payment pages. Fraudsters expect that the user will either immediately transfer money to their account, or leave confidential data of their bank card.
Intimidate by losing money
To cause fear is already half the battle for the deceiver. A frightened person is much better susceptible to suggestion. For example, a fraudster calls "from the bank's security service" and informs that a suspicious operation is being carried out on the card "right now".
The confused "client" is offered to urgently call a three-digit code from the back of the card in order to cancel the transaction. Or transfer money to a certain "safe account".
If a person succumbs to panic and follows the instructions of the "experts", then, without knowing it, he himself will send all the savings to the scammers.
Lure with a win
Scammers actively exploit people's desire for easy enrichment. They create special sites with attractions of unprecedented generosity. For example, they offer to take a survey with a tempting monetary reward or participate in "win-win" contests, receive social benefits or return taxes.
These sites are advertised by fraudsters on social networks, sent out in messengers, by e-mail and SMS. Often, such advertising is accompanied by photos and glued cuts from videos with media personalities who encourage people to participate in this scam. By clicking on the link to the contest or lottery website, a person sees a lot of enthusiastic reviews from those who allegedly have already received their money.
However, in reality, instead of cash prizes, people are waiting for only losses. The organizers of the scheme, under various pretexts, ask them to enter card details in order to pay a symbolic tax, the services of "lawyers" or a commission for participation. The main danger lies not in the loss of an insignificant amount. After a person leaves confidential information on a phishing page, fraudsters gain access to the money in his account.
Restore justice
As a rule, fraudsters maintain databases of people who have already succumbed to their deception once and may fall for their tricks again. For those who lost money on financial pyramids, pseudo-galleries and other scams, scammers offer "compensation".
The goal is still the same — under the pretext of paying for "lawyer services" or "money transfer fees", a person is persuaded to specify the full details of the card so that he gets a chance to lose his money again.
Use high-profile information occasions
Fraudsters are becoming more active against the background of various disasters, natural disasters and epidemics. For example, during the coronavirus pandemic, fraudsters collect money "for the development of a vaccine" under the guise of the World Health Organization.
Social engineers follow the news and moods and quickly adapt to the current situation. During the period of self-isolation, they send SMS messages to everyone about a "fine" for violating quarantine with reference to non-existent laws.
On behalf of the airlines, they offer "compensation" for canceled flights in exchange for secret bank card data.
The most desperate dress up in protective suits and go to the apartments. They tell people that their neighbors have a "positive test for coronavirus." Therefore, they should also take the test — for a reasonable fee. The results of the smear can wait indefinitely, scammers are only interested in paying for their visit.
Do not give time for reflection
Scammers are deliberately hurrying and pushing to deprive a person of the opportunity to make an informed decision in a calm environment. They demand to transfer money immediately, urgently pay for any service, "as soon as possible" to give a secret number, password or code.
If you feel obvious pressure when trying to make any financial decision, this is a sure sign that you are dealing with fraudsters. At the slightest suspicion, hang up the phone and call the bank yourself by calling the hotline — it is on the organization's website and on the back of the bank card.
How to protect yourself from social engineers?
Scammers are constantly coming up with new schemes of deception. The only way to avoid money losses when meeting with scammers is to take any suggestions critically, double—check the information and never rush into making financial decisions.
Follow the basic rules of financial security:
- Under no circumstances tell anyone the full details of the bank card, including the three-digit code on the reverse side; as well as PIN codes and passwords from SMS from the bank.
- Do not follow questionable links from messages and do not transfer money to strangers on demand.
- Do not keep a lot of money on the card you use to pay online: put only the amount you are going to spend at the moment. In this case, even if the scammers try to steal the money, they will not be able to withdraw too much.
- After receiving a sudden call from a financial institution with an urgent question or suggestion, put down the phone and call there yourself, finding the number on its official website. Dial this number manually. If you are contacted from a company that you are not a client of, first check it in the directory of financial organizations.
- Do not immediately agree to any "tempting offers" — be it a "profitable loan" or a sudden compensation. Give yourself time to think, consult with friends, search the Internet for information about the company and the "unique promotion" that it advertises to you.
- Do not publicly publish your personal data: phone number, home address, passport data. Scammers are willing to use this information in their scams.