When you imagine hackers, what do you see?
Nerds slouched over their keyboards? Computer whizzes looking to earn an extra buck? Punk kids doing it for the thrill?
Truth is, hacking is often more simple than that. With the technological leaps and bounds that have been made in the last couple years, it has become harder and harder to trick computers. Many hackers have therefore turned to a much older and more stable art: that of tricking humans.
You’re probably familiar with some of these scams, which have managed to seep their way into the public conscious.
From The Emperor’s Clothes to the Emperor’s Bank Account
The most famous is the Nigerian Prince Scam. The way this scam works is that the sender claims to be a member of Nigerian royalty, who is currently unable to access his savings account. If the recipient can send the prince a certain amount of money, then the prince says that he will be able to access this savings account. The sender/prince then promises that as soon as he gets access to his savings account, he will send the recipient his initial investment and then some.
Of course, it’s all a lie. When people send the money, one of two things happens. Either the email sender simply disappears, or they invent more charges that the email recipient must pay.
This scam might seem like an obvious ploy to some. Why would a Nigerian contact a random person, who’s generally unimportant on the geopolitical scale? But the incredulity is half the point. The Nigerian Prince Scam is often sent to a variety of individuals. Those who don’t believe it usually don’t reply, which weeds out the people who are the least likely to believe the scammer. That leaves the rest of us to get duped.
Phishing for Information
There are many other examples of Social Engineering, most of which don’t involve such sensational content. For instance, you might get an email that claims your bank needs you to verify your account information. Sometimes they might ask you to click on a link, which will send you to a login page that looks just like the login page that your bank actually uses. You provide them with the username and password, which they promptly use to steal money from your account.
Acts such as these are known as “phishing,” i.e. when a hacker pretends to be someone they’re not: a bank employee, a Microsoft tech, etc. They contact you and “fish” for information, hoping that you’ll give them the information they need to take your money or identity.
This leads us to the most important question of all. How do you protect yourself against these scams? You’ve already done the first and most important thing, which is to know that they exist. Oftentimes the people who are getting hit hardest by these scams are the ones who just don’t expect them.
But it takes more than knowledge to avoid these scams. Many of us know that people lie on the Internet, but there’s still a knee-jerk reaction to try and have faith in humanity. Sometimes, we don’t want to believe that people are lying. We especially want to believe them if they’re offering something to us, like extra cash.
The trick is to be savvy. Now that you know about social engineering scams, you just have to apply common sense. When opening an email from someone you don’t know, ask yourself why this person would send you this email at this particular time. It’s rare for a company to ask you for your login information, unless you’re logging onto their site, just like it’s rare (and perhaps inconceivable) that a Nigerian prince would contact you and ask you for money.
Know How They Know What They Know
Even if you’re careful, detecting scammers can still be tricky. For instance, what if they have your personal information? If a scammer contacts you claiming to be a “long lost son,” you might be suspicious. But what if they know where you go every Memorial Day Weekend? What if they know your name, the name of a family member, where you work and what your interests are? Would that convince you?
It’s horrifying to think about, but much of that information is available online. Through social networks like Facebook, Twitter, Tumblr, and Linked In, many of us are giving away our personal information. This isn’t necessarily a bad thing–sharing is one of the points of social media, anyway–we should still be conscious of what we’re putting out there. One quick Google search, and a scammer may know everything they need to know to dupe you. But if you know what information you’ve put out there, you’re better equipped to know who’s trying to trick you.
The Bottom Line
Here’s a quick summation of what you need to know.
It’s easier for hackers to get the information from people than from computers.
Hackers often engage in “Phishing,” which means they’re pretending to be someone they’re not.
Use common sense when providing personal information, making sure to ask yourself why people need to know what they say they need to know.
Hackers have a lot of your personal information at their disposal already. Don’t trust them just because they provide information that only your friends should know.