When we hear the word hacking, we usually imagine computer geeks using advanced coding software to steal our information. But unfortunately, that’s not how they usually get into your account. Most of the time, hackers get into your accounts by tricking you into giving them your personal information. This technique uses what they call social engineering, and it’s one nasty scam.
Social engineering isn’t supposed to be for malicious use. It’s mostly reserved for cops and business professionals. Michele Fincher, chief operating officer of the Social Engineer agency, says, “Malicious social engineers aren’t necessarily very technical people.” “They’re crafty and clever in the way they think,” she added.
With that in mind, here are the 3 main ways you can get scammed by social engineers into giving away your account information.
1) The IRS scam
Source: BrightScope, Sage Broad View
The first is the IRS scam, in which hackers call the target from a spoofed phone number (one that masks their real number and replaces it with a fake one). The hacker already knows a great deal of information about the target. This might include their name and address (which they probably got from the dark web from a breach in the healthcare system). All they have to do next is call and say that they’re from the Internal Revenue Service.
They’ll say that one of the target’s older tax returns from 3-5 years ago has accrued late debt. The price is usually around $2,000-$5,000. “They’re not saying ‘you owe us $50,000’, but a number that most people could afford to scrounge up,” says chief human hacker Chris Hadnagy.
Once the target falls for it, they’ll say that since the debt was previously unpaid, bank transfers and credit card payments are not accepted. The only acceptable option is via a courier service like Western Union, which is non-refundable and non-traceable.
2) Ransomware
Source: Kaspersky Blog – Kaspersky Lab
Another nasty scam is a thing called ransomware, in which a hacker tricks you into installing malicious software. It encrypts and locks all of your data, making it inaccessible to you. The hacker will then ask for a ransom, which is anywhere from hundreds to thousands of dollars, to get your data back. They can then lead you to different ways to pay it, like PayPal, credit card, or bitcoin.
Most of the time, they don’t even give you your data back, so you’re left with lost files and your stolen bank passwords and information.
3) Business Email Compromise scams
Last but not least, there is the BEC scam. This is where hackers will try to get into your email and then browse for any financial data stored in it. This often includes bank statements, login information, verifications, and payments.
They use various means, such as getting you to install malicious software that’ll let them access your PC remotely. They can even send you a fake “You need to reset your password” email. This leads you to a fake site which they use to get your real password.