Whether it is on the phone, online or in person, here are ten lies hackers, phishers and social engineers will tell you to get what they want
This is Bob from IT. Your computer is infected.
In 9 dirty tricks: Social engineer's favorite pick up lines, Chris Nickerson, founder of Lares, a Colorado-based security consultancy, explains why this old social-engineering trick is often still successful. He should know, he uses it frequently as a pen tester.
Scammers often take advantage of a timely event, like a high-profile piece of malware that is infecting many computers. The average, non-computer savvy employee gets nervous with the technicality of what the "IT person" on the phone is telling them.
"Eventually, I say 'Look, why don't I fix this for you? Give me your password and I will deal with it and call you back when I am done,'" said Nickerson.
The strategy plays on a person's fear and lack of comfort with tech, said Nickerson.
I’m trapped in London! Help!
Also known as a 419 scam, social networking sites, like Facebook, are where this ruse typically takes place these days. Scammers often hack into accounts and message the person’s friends, claiming to be trapped in a foreign country with no money.
"The claim is often that they were robbed while traveling and the person asks the Facebook friend to wire money so everything can be fixed," said Graham Cluley of Sophos in 9 dirty tricks.
Can you hold the door for me?
In 5 security holes at the office, Nickerson notes a common tactic for entering a secured building unseen is to hang out in the smoking area and wait to be let in by an unsuspecting employee.
"A social engineer’s best friend is a cigarette," said Nickerson.
In other cases, social engineers will simply tell building employees that they’ve lost their access card or badge, and need to be let in, a technique known as tailgating.
Have you seen this blog about you?
This con is rampant on Facebook and Twitter and involves a question that piques the user's interest and then directs them to a fake login screen.
In 5 Facebook, Twitter scams to avoid, Sophos’ Cluley notes it is a classic phishing ploy. Social engineers may be looking for your account information in order to send spam, or pose as you in order to pull off a 419 scam like the one mentioned previously.
Your account has been closed
Another line to get you to panic, the social engineer is often hoping you will hand over your bank account information in order to make everything right again.
In ACH fraud: Why criminals love this con, Deb Geister of LexisNexis explains this trick, usually delivered via phishing email can prompt recipients to open a fake message. Once the recipient opens the email, a Trojan is placed on their system that is exceptionally good at stealing sensitive data, and it is especially interested in online banking credentials.
I’m late and in a hurry! Please just let me in!
In a famous scene in the social engineering classic "Sneakers," Robert Redford pretends to be a father (complete with birthday cake) late for his daughter’s birthday party while another cohort acts as a delivery person. The tag team manages to distract and fluster the guard at the door enough to easily get Redford into the building without the proper credentials.
Donate to the hurricane recovery efforts
Shortly after a major earthquake, tsunami or other disaster, fake donation sites often pop up. SANS Security recently observed this trend after Hurricane Sandy, warning that scammers had quickly registered thousands of domains with words such as "relief" and "Sandy."
The goal is to dupe well-meaning individuals into submitting donations for relief efforts. Of course, those who donate to these fraudulent sites often find their credit card information, and money, is stolen instead.
Get a free Starbucks gift certificate!
In 7 Scrooge-worthy scams for the holidays, Beth Jones, a senior threat researcher with Sophos, notes the free gift card offers are really just an identity theft gimmick in disguise with the goal of stealing your information to sell if off for profit. Avoid them. Retailers are not giving out free gift cards just because you fill out a survey.
This tactic is also common on Tumblr and Pinterest notes Christopher Boyd, senior threat researcher at GFI Software 5 scams on Tumblr, Pinterest.
If something is trending on Twitter, it won’t take long for the social engineers to hijack it and use it to try and spread bad links laden with malware.
Within hours of the naming of the new Pope this month, scammers had already set up and account using his name and claimed to be the new Pontiff.