The Origin and Tactics of Social Engineering Scams

10 February, 2023

The prevalence of social engineering scams has reached alarming levels in recent times. As you check your email inbox, you’re likely to encounter suspicious-looking messages, often phishing emails. While many individuals have become more cautious and learned to avoid clicking on these malicious emails, the sheer volume of such scams raises the question: where do social engineering scams originate? The answer is quite straightforward: social media.

The Role of Social Media in Social Engineering Scams

With more than 4.74 billion social media users today, hackers perceive each user as a potential target. Exploiting this vast online population, they use social media platforms to lure unsuspecting individuals into their traps, creating fake accounts and relying on four primary methods.

Manipulating Public Opinion

Social engineers take advantage of people’s impressionability, particularly when it comes to information found on social media. They exploit this vulnerability to sway public opinion on various topics, including politics. Political parties frequently generate millions of fake accounts to disseminate information that can influence voters during elections. Posts from these fictitious accounts can quickly go viral and significantly impact voters’ decisions, all at a minimal cost. These tactics fall under the umbrella of social engineering scams.

False Advertising

You might come across posts on social media offering prizes for liking or sharing a page. Similarly, some pages claim to be on the verge of closing down and encourage users to share their page to obtain products. These deceptive practices are a form of social engineering scam, specifically false advertising.

For instance, after the passing of Steve Jobs, a viral post emerged claiming that Apple was giving away iPhones and iPads as a tribute. Millions of individuals worldwide clicked on the malicious link, assuming they were participating in a legitimate raffle. However, they unwittingly infected their devices with harmful viruses.

Minimally Invested Profiles (MIPs)

Minimally invested profiles are mass-created, typically featuring alluring profile photos that entice individuals to add them as contacts, often on Facebook. Once a connection is established, hackers use these fake MIPs to send malware via messenger or post malicious links on users’ walls. This is the starting point of the social engineering scam.

Fully Invested Profiles (FIPs)

Similar to MIPs, fully invested profiles aim to prompt individuals to click on specific links. However, FIPs require more effort as they are meticulously crafted to appear authentic to their target victims. They may impersonate the accounts of real contacts, claiming to have created a new account due to hacking or forgotten passwords.

Vigilance is key to identifying these fake profiles. Exercise due diligence by thoroughly assessing every account before accepting friend requests. If an account is relatively new, lacks friends or content, and raises suspicion, treat it as a red flag.

Protecting Yourself from Social Engineering Scams

While social media has become an integral part of our daily lives, it is crucial to exercise caution and avoid careless usage. This applies to both personal and business accounts. If you use social media for business purposes, it is advisable to provide training on online attack prevention to all employees. By remaining vigilant and informed, you can safeguard yourself and your organization from falling victim to social engineering scams.