They are dangerous, tricky scams designed to tug at your better judgment, draining bank accounts, creating havoc with your friends, and manipulating your reputation. Social engineering scams — the type of scams used by criminals to exploit a person’s trust to obtain money or sensitive information or both — have become much more sophisticated with the rise of AI.
I’m passionate about protecting your privacy and security. I often hear from people saying “why should I care, I’d never fall for one of these scams.” Guess again.
Until now, popular phishing scams typically involved scammers calling innocent people, claiming to be from a company, and convincing them they owe money on an invoice or something. To combat this, brands have tried to protect their customers by saying, “They’ll never call.” But, with OpenAI’s recent announcement of its voice-mimicking tool, we’re heading into a new era of social engineering scams.
We spoke to Tom Tovar, CEO of Appdome, a cybersecurity company dedicated to protecting mobile apps. He unveils the unsettling truth about social engineering scams and warns that it’s not just about being aware—it’s about being prepared. The time to change our mindset is now, or risk becoming the next victim in the ever-evolving game of digital deception.
How to spot a social engineering scam
In the intricate world of cybersecurity threats, social engineering scams really make their mark by cleverly manipulating our human instincts and emotions. According to Tom, “Social engineering scams exploit the everyday fear, uncertainty, and doubt in humans to gain access to protected accounts, information, resources, payments, and more. These attacks can also abuse commercial expectations, business processes, and psychological tactics to trick humans into interacting with the scam.”
What are some of the most recent social engineering scams?
In these scams, fraudsters masquerade as employees from banks, financial institutions, or government agencies to gain the trust of their targets. Another social engineering scam could look like a vacation giveaway from a familiar friend but instead is a trick to get you to engage. By leveraging this trust, they manipulate individuals into divulging sensitive information or making financial transactions that benefit the scammer.
“In these attacks, the attacker has to get the user to interact,” Tom explains. “So, they may send a very convincing text message to the victim purporting to be the fraud department of the bank.” This text message will say something like, “Did you make this purchase?” showcasing a supposedly fraudulent amount, usually concerning enough to panic the victim into replying “no” as quickly as possible. When they do this, they may receive a response saying, “Thank you. Someone from our fraud team will be in touch with you shortly.”
From there, the attacker and the victim are in direct communication, and the victim can be tricked into handing over sensitive information. In other scenarios, the victim may be told they need to download specific software to fix whatever situation the scammer has convinced them of. With this software, the scammer can control their entire device.
Though there are other variations of this new social engineering style, they all involve taking advantage of the victim’s emotions and vulnerability to commit their deceptive act. When we asked Tom how we can expect social engineering scams to change with this current wave of AI-supported, AI-generated scams, he said, “It’s just the wind before the storm.”
How should you adjust your outlook to better recognize and combat social engineering scams?
Many brands have told their customers, “We’ll never call you,” to fight these impersonation scams. It makes sense, but it only leads scammers to devise new ways to trick their victims. Beyond that, according to Tom, there’s another issue with telling your users that you won’t call them. “As brand loyalists, enthusiasts, and supporters, that’s not really what we want our favorite brands to say.” He’s right. After all, one of the reasons customers may choose one brand over the competition is the ease with which they can talk to somebody if they have a question or concern.
Beyond gut feelings: Navigating the blurred lines of AI-driven scams
Tom says, “Of course, if someone calls you, you want to be aware of what you’re being asked to do, and if it sounds fishy, don’t do it.” But because of AI’s sophistication and the clever, innovative tricks that scammers have up their sleeves, asking you to go with your ‘gut feeling’ is simply not enough. “The line between what feels fishy and what feels real is gone.”
Proactive steps against sophisticated social engineering scams
Protecting yourself from social engineering scams, especially in the age of AI, requires a multi-faceted approach. Here are some steps to help you safeguard against such threats.
1) Stay aware: Keep up-to-date with the latest scam tactics and cybersecurity news. Awareness is the first line of defense.
2) Verify independently: If contacted by someone claiming to be from a company, verify the claim by contacting the company directly through official channels.
3) Guard personal information: Be cautious about sharing personal information, especially in response to unsolicited communications.
4) Use two-factor authentication: Enable two-factor authentication wherever possible to add an extra layer of security.
5) Be skeptical: Approach too-good-to-be-true offers and urgent requests for action with skepticism.
8) Secure communications: Use encrypted communication channels and avoid discussing sensitive information over unsecured networks.
9) Regularly update systems: Keep operating systems and cybersecurity software up-to-date to protect against known vulnerabilities.
10) Avoid unknown links and downloads: Do not click on links or download attachments from unknown sources, as they may contain malware. The best way to protect yourself from malicious links that install malware, which may gain access to your private information, is to have antivirus protection installed on all your devices. It can also alert you to phishing emails or ransomware scams.
By implementing these steps, individuals and organizations can build a stronger defense against the evolving landscape of social engineering scams. It’s important to remember that as technology advances, so do the tactics of scammers. Continuous education and vigilance are key to staying protected.
Kurt’s key takeaways
Sadly, dodging sneaky social engineering scams is part of our everyday life in the world of connecting online. It’s like a game of digital cat-and-mouse, and we’ve got to stay one step ahead. So, what’s the game plan? First, let’s keep our eyes peeled for the latest scammer tricks—it’s all about staying in the know. However, it’s also about prevention, not just detection. If you get a call or message that smells fishy, trust your gut and double-check with the official sources. Remember, sharing is not always caring, especially regarding your personal information. Oh, and those too-good-to-be-true offers? That’s a big red flag. Let’s not make it easy for the scammers.
Have you ever encountered a social engineering scam? What red flags helped you recognize it? Let us know in the comments below.
Copyright 2024 CyberGuy.com. All rights reserved. CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.