Social Engineering Expected to Increase
A recent data breach affecting 123 million American households speaks to the expected increase in social engineering scams of those impacted by the breach.
California-based data service company Alteryx recently experienced a data breach that exposed some PII elements (address, phone number, longitude/latitude coordinates). However, the data exposed is even more troubling because it was paired with extensive analytics on consumer behaviors, interests and financial/spending habits. The 36 GB file focused mostly on consumer behavioral segments – 248 to be exact – like “Book Buyer,” “Religious Contributor,” “Phone Activity Date” and “Interest in Gourmet Cooking.”
Fraudsters do their research
Most scams work because victims are successfully convinced the scam is real. Thus, victims give criminals their information more often than it is maliciously stolen. A scammer’s main goal is to convince you to hand over your information voluntarily, as opposed to using forceful intimidation or threats.
While hostility is one social engineering methodology, expert scammers know they will be most successful if they gain your trust. Identity thieves do their homework on your interests, business relationships, demographics, behaviors and other personal details before targeting you in a scam to align with these elements. The research and strategy that goes into planning a scam attack is what social engineering is all about.
Common Social Engineering Tactics
If you’ve seen someone around or heard their name before, you’re more likely to trust that they are legitimate. For example, receiving an email appearing to be from a well-known company or a call from someone claiming to be your local senator’s campaign manager.
It’s human nature to comply with someone who expresses hostility toward you. If you consider somebody as a threat, you are more likely to do what they tell you. For example, downloading a virus that threatens to destroy your computer files if you don’t pay a fine, or receiving a call from a person posing as a police officer demanding money for an arrest warrant.
It’s easier than you think for someone to gather information about you. For example, they can rummage through your trash for credit card forms, bank statements and other pieces of mail that contain personal information or lurk through your social media activity.
Source: Fighting Identity Crimes
Fight fire with fire
Criminals will continue to hone their social engineering skills to further perfect their targeted scams. Cybersecurity risks, data breaches and other identity crimes have become commonplace. But, if you know what to expect, you can be better equipped to know what to do if fraudsters use social engineering tactics against you.
What can I do to protect myself?
Alteryx’s recent breach affected 123 million American households, meaning there’s a probable chance you’ve been impacted. Use the tips below to help spot social engineering scams that may be targeting you because of this breach:
- Avoid clicking on links that will redirect you to other sites. If you have the legitimate web address on-hand, manually type it into your Web browser.
- Verify emails or calls you receive from well-known companies. Request to call or email them back with the information you have on file for that specific organization.
- Never open any message (email, text) if you do not recognize the sender. If you do recognize the sender, verify that his or her account was not hijacked before clicking on links or attachments.
- Think before you post on social media. Fraudsters use public-facing information on social media accounts, blogs and other online profiles to capture sensitive information, as well as research your interests and behavior. If you are using online blogs or social media accounts, be sure your privacy settings are on.
Continue following Fighting Identity Crimes to stay up-to-date on the latest breach and scam updates, ID protection news and tips from our industry experts.
The views and opinions expressed in this article are those of EZShield Inc. alone and do not necessarily reflect the opinions of any other person or entity, including specifically any person or entity affiliated with the distribution or display of this content.