Are you susceptible to a 'social engineering' attack?

(NEXSTAR) – The Federal Bureau of Investigation on Friday issued an alert concerning Scattered Spider, a cybercriminal organization currently targeting the airline industry. The group, which is also said to be behind cyberattacks on multiple Las Vegas casinos in 2023, reportedly relies heavily on “social engineering” techniques for its attacks, a tactic used to gain trust with victims.

“In a social engineering attack, an attacker uses human interaction (social skills) to obtain or compromise information about an organization or its computer systems,” the Homeland Security Department’s Cybersecurity and Infrastructure Security Agency (CISA) explains of these types of scams. Attackers may then use that information to pose as a trusted figure working at, or with, the victim’s company in order to gain access, CISA says.

Specific examples of Scattered Spider’s social engineering tactics include “impersonating employees or contractors to deceive IT help desks into granting access,” or “convincing help desk services to add unauthorized [multi-factor authentication] devices to compromised accounts,” according to the FBI.

But social engineering can take many forms — and target everyday individuals, rather than just corporations.

“Typically, the elderly are the most vulnerable to social engineering, but they’re not the only victims,” said John Young, a cybersecurity expert and the COO of encryption company Quantum eMotion America. “Lonely people fall prey to romance scams; those who want instant gratification are vulnerable to get-rich-quick ploys; and otherwise savvy people who have a fear of missing out can get taken by investment scams.”

These types of attacks are also incredibly common. Scammers often contact potential victims through emails and texts (aka phishing and smishing scams) or sometimes over the phone, perhaps posing as a bank or an e-commerce company, and asking the victim to verify their personal information or account passwords.

Joseph Steinberg, a cybersecurity expert and the author of “Cybersecurity for Dummies,” says these attacks exploit a weakness in the human brain.

“We’re not wired to perceive threats from far away. … To survive, for most of history, we didn’t have to worry about threats from someone invisible, 3,000 miles away,” Steinberg told Nexstar.

“But people have a tendency to trust technology more than other people,” he added. “If I walk up to you in the street, and I told you your banker told me you need to reset your password, you’d never trust me. But if you get an email from what looks like [a bank]? That could be different.”

It’s also getting harder and harder to differentiate social engineering attacks from legitimate interactions. Artificial intelligence has made it easier for hackers to both gather information on targets and carry out the attacks, as noted by the cybersecurity teams at such organizations as CrowdStrike, IBM and Yale University.

AI can even make it possible for bad actors to create deepfakes (i.e., synthetic photos, video or audio clips that appear nearly indistinguishable from authentic ones) to try and trick victims. Steinberg says he’s seen this tactic demonstrated over the phone, with scammers using deepfake audio to mimic the voice of a victim’s loved one asking for money or sensitive information.

“Every time I’ve seen it demonstrated it works,” he said. “The AIs are that good.”

CISA offers a number of tips for reducing the likelihood of becoming a victim of social engineering attacks, including limiting the amount of personal information you share online, or contacting a bank/company directly (using a phone number provided by the company’s official channels) after getting a suspicious email or text, to verify its authenticity.

Now that AI is in the mix, Steinberg also suggests that people come up with a plan to verify the identity of their own family members, and most importantly their children, if they get a suspicious call from a person claiming to be a loved one.

“I’m … going to ask them some piece of information that only my child would know,” Steinberg said.

Understanding these tools at least minimizes the likelihood of becoming a victim, even if it never completely eliminates it.

“The most important thing is to internalize the fact that you’re a target,” Steinberg said. “If you believe that people may be trying to scam you, you just behave differently.”

Young, too, said a skeptical mindset is especially helpful for vulnerable populations to adopt.

“I teach volunteer classes for AARP to older citizens, and when I explain that in the old days scammers were known as con artists, something clicks for them,” he said. “It’s true; the scammers of today are just another name for con artists who have been using persuasion and their social engineering skills since the beginning of time.”
