What do you do when you get a text message from someone you don’t know? You probably just ignore it, right?
Well, what if it said that your debit card was being used for fraudulent purchases, and you had to act immediately before the thief struck again? And to fix your new problem, you only have to click a little link.
Would you click it?
If you said yes, then you may be a prime target for social engineering.
Keep reading to figure out how this devious technique works and why you should never click the link.
What is Social Engineering?
Social engineering is the process of someone hacking into your brain through emotional manipulation.
This tactic is implemented by skilled fraudsters who understand and take advantage of human behaviors and psychology. Social Engineering is designed to manipulate people into making security mistakes and giving up confidential information without the victim even knowing what’s going on.
The 3 Main Traits of Social Engineering
Every story based around social engineering is different, but you’ll find at least one of the following traits used in almost every case. In some of the most successful social engineering attacks, you’ll find all three.
1. Trust
Even though scammers are doing a dumb thing by trying to scam you, they’re not dumb people. They know that you know that the internet is full of fraud.
Scammers understand that for social engineering to work, they must gain your trust.
This is usually done by impersonating a trusted source, such as your bank, Amazon, Pay Pal, your electric company, or even Best Buy’s Geek Squad.
Typically, this is done by spoofing the company’s number or using the company's logos in an email.
Once a fraudster has your trust, they can get you to do almost anything.
2. Elevated Emotional State
A fraudster's goal is to get you to make an irrational choice that will lead them to your personal information. Getting you into an elevated emotional state is an excellent way of using your own brain against you.
The most used emotional state that scammers use is typically a mix of anger and fear.
For example, a scammer may send you a text claiming that someone swiped your credit card number and they’ve just bought half of an Apple Store.
If the text looks real enough, your brain will instantly become red hot, making you wish you could choke whoever stole your credit card number. At the same time, you’ll instantly be afraid that the thief might buy out the other half of the Apple Store with your card, which makes you want to deal with this problem as quickly as possible.
Another typical state of emotion that a scammer might try to put you in is excitement.
Have you ever gotten one of those pop-ups claiming you just won a PS5? You may have closed the pop-up right away, but others will let the sense of excitement flood their brain, opening themselves up to an attack.
3. Urgency
Fraudulent texts and emails are often written as urgently as possible.
A scammer doesn’t want you to think too long about the actions they’re trying to make you take. The longer you take to think about it, the more likely it is for you to snap out of your emotional state of mind.
Here’s an example of an urgent scam:
There are two lines here that lay the urgency on thick:
- They give an exact date, which is usually the current date or in a few days.
- The line “otherwise the account will be locked.” For someone in a heightened state of emotion, this line is guaranteed to get them to click on a fake link or call a fake number.
The 4 Main Types of Social Engineering Attacks
Before understanding how to avoid a social engineering attack, it’s important to know where these attacks most often occur.
Here are the four most common ways a social engineering scammer will try to get you:
1. Phishing Emails & Texts
This is perhaps the most common way scammers try using social engineering on you.
In most cases, a phishing email or text using social engineering will appear as if it’s from a  reputable company, say something that will get you mad or scared, and then urgently push you into clicking a link or calling a number.
These types of emails can slip right past your spam filters and should be ignored at all costs.
2. Spear Phishing Emails & Texts
Spear phishing attacks are very similar to regular phishing attacks but with one major difference. Where phishing attacks are usually sent out as a mass spamming spree, with the intent from the scammer to hit as many people as possible, spear phishing attacks target you specifically. 
A spear-phishing email or text will look like the example above but with your name or other details included to present more credibility.
To send a spear phishing email or text, a scammer skilled in social engineering will do as much research into your personal details as possible.
This research is usually done with your social media pages, so don’t be fooled by an email just because it has your name on it.
3. Baiting Emails and Texts
Baiting is also similar to phishing and spear-phishing, but with a different tactic when it comes to tricking you. The tactic involves trying to get your information by offering you something for free or at a reduced cost.
A baiting email or text will look something like this:
A baiting email or text is designed to play on your curiosity. If you click the provided link, malware will infect your system, and your computer or phone will be compromised. Some have even been baited and scammed via Zelle.
4. Pretexting
Pretexting is when a fraudster impersonates an authority figure in order to trick you into giving up your information. This can be in the form of a bank official giving you a call or an “Amazon worker” sending you an email.
Just because someone says they are who they say they are doesn’t mean it’s true.
How Can You Protect Yourself From Social Engineering?
Although there are many ways to protect yourself from social engineering, here are the two key ways to shield yourself from any mental-based attack.
1. Be a Skeptic
Don’t just believe the first claim you read. Ask yourself as many questions as you can think of.
“Is this email really from my bank?”
“Would someone really give a $1,000 gift card out for free?”
“Is this offer too good to be true?”
When it comes to texts and emails from strangers, never believe and always doubt.
2. Slow Down
The goal of the scammer is to trip you up as much as possible. To get you to make a mistake because you want to solve your “problem” as quickly as possible.
Even if the message you receive says that all of your money has been taken out of your bank account, don’t act right away.
Take a second and breathe.
Think to yourself that the message is most likely a scam, then verify through official means (like calling your bank).
More Tips on How to Avoid Social Engineering
Although the two tips above are enough to keep you safe from these types of attacks, here’s a quick list of secondary tips just in case.
- If you feel like a tempting offer is actually real, then do a quick Google search to verify its authenticity.
- Use spam filters. They’re not 100% perfect, and some scam emails will get through, but it’s still a good idea to have that basic layer of protection.
- Don’t click on any links you see from an unverified email or text. It’s not worth the potential malware that could be downloaded to your device.
- Keep your personal information to yourself. Revealing sensitive information to strangers on the internet is a recipe for getting scammed.
- Remember that legitimate sites and businesses will never ask for your password.
- Ask yourself, “Would my friend actually send this to me?”
Final Thoughts
The best defense against social engineering is awareness. You'll be prepared to handle the attack as long as you know that the threat is out there.
Just remember to be skeptical of every offer you see and always stay calm so you can make the right decisions.