I’ve heard it said that we, as humans, are trusting and averse to conflict. While we can’t say that’s true of all people, fraudsters who focus on these vulnerabilities have been known to be successful. Even so, sometimes their methods require more sophisticated levels of psychological manipulation. Enter this article’s topic: Social Engineering.
Social engineers (or “Attackers”) manipulate individuals or groups using psychology, behavior, and/or emotions. Attackers exploit their target, relying on psychological factors including but not limited to trust, authority, curiosity, kindness, romance, or fear. This is how they deceive victims into divulging sensitive information, performing certain actions, or providing unauthorized access to confidential information.
Read on to hear about real-life examples of several types of social engineering methods.
#1 Reverse Social Engineering: A method of manipulation that preys on a victim’s desire to help or assist others.
A member received a phishing email from someone who appeared to be a Microsoft Support representative and called a phone number from it, requesting to renew services. She was told that the costs would be due upfront, so in order to process that charge, she was directed to download remote access software (which, in turn, gives the fraudsters access to her computer) and then log in to her online banking profile while the scammer was on the phone. When the screen refreshed, the man over the phone was suddenly frantic, showing the member a screenshot of what appeared to be her bank account with an extra $8,500 deposited into it. Which, of course, there wasn’t.
The scammer said this was the member’s fault and that he’d lose his job for causing an $8,500 loss to his employer. Feeling guilty and wanting to help any way she could, she was socially engineered to send this man $8,500 in cash, but with strikingly specific directions: she was directed to wrap the cash in a magazine, wrap that magazine in tin foil, and then send it to the scammer via UPS (paying over $120 for priority shipping, just to make sure it arrived quickly). The member was also told to send an additional $500.00 to bribe customs agents into letting the package pass through.
#2 Scare Tactics: A method of manipulation that threatens or terrifies a victim into complying with a fraudster’s demands.
A senior member requested an $8,000 cash withdrawal. The teller noticed that the member had been crying recently and gently asked what the matter was. Candidly, the member told us that they had gotten a phone call from their son-in-law, who had been arrested for texting and driving and needed to be bailed out. The teller, recognizing the scam, asked, “…are you sure your son-in-law called you?” The member said yes, they believed so. The branch manager was on the phone with the fraudster, and the member gathered their wits and called their son-in-law’s direct cell number. To their relief, their son-in-law was at work and none of the fraudster’s story had been true. The member was stunned but incredibly grateful to us for the time we spent helping them avoid losses in this frightening situation.
#3 Pretexting: Fabricating a scenario or “pretext” to gain a victim’s trust, thus tricking them into divulging sensitive info or performing certain actions. This often involves impersonating an authority figure, a friend, a family member, or a coworker.
A member was targeted by a sophisticated vishing scam involving a small team of people claiming to be with US Customs. They called to let him know that his identity and his bank accounts were all compromised by someone in Oklahoma who had opened several mortgages in his name. “Not to worry…” they assured him. He didn’t have to pay any legal fees or travel to Oklahoma to fight this criminal in court; they were here to help protect his money. The member recalled how legitimate it all felt at the start, with the fraudsters coming equipped with a real-sounding alphanumeric case number, badge numbers, and official-sounding jargon.
They first said that they’d need to access his smartphone remotely to “verify his identity”, so he was directed to download the “AnyDesk” app, software commonly used by scammers to gain remote access to a victim’s devices. They eventually told him to withdraw all of his money in cash, deposit it into a Bitcoin ATM, and then transfer the funds to them “for safekeeping”. This is when he realized for certain that this was a scam. He disconnected the call despite their last-ditch attempts to keep him on the phone, practically screaming that he’d have to fly to Oklahoma and pay for everything to stop this identity thief without their help. Although he successfully evaded a loss to this scam, the member said the experience was traumatizing and berated himself for being “so stupid”.
#4 Romance, Relationships, and Trust: Using the illusion of a romantic or close relationship to manipulate and/or steal from the victim.
The member tearfully shared with me the story of how she met someone online. At first, the relationship was platonic, possibly open to future closeness. She felt for him and said she sent him funds from her account through an international P2P funds transfer service. Eventually, the two became engaged on the basis that she’d help him come to live with her in the USA. They began further correspondence through a texting app at this point in their relationship. She started having doubts about his integrity when he told her to open an account at HSBC Bank. Later, after directing her to set up additional P2P app profiles, he emailed her an altered/fictitious check for mobile deposit into her GB account. He told her that immediately after depositing, she’d need to transfer the funds from the check to some of his colleagues who would be using the funds to help him leave Libya.
Being financially exploited can be a truly traumatic experience, as evidenced by these stories. This is why we at Great Basin choose to compassionately support and educate victims in their time of need, not blame them. In the meantime, protect yourself and others by staying informed about these and other social engineering tactics. Being cautious and maintaining a healthy sense of skepticism can and will serve you when it comes to evading the dangers of social engineering. Please contact us if you feel you’ve been a victim of fraud. We are here to help you.
Fraud Prevention Analyst
If you have any questions about the security of your Great Basin Federal Credit Union Account or want to report possible fraud, please contact us at [email protected].
Find more helpful prevention tips and information on other scams in our Fraud Center.