Special offer
Home > Blogs > Robert Siciliano > Identity Theft Expert Speaker
bookmark_border

Top 3 Social Engineering Scams

By
Services for Real Estate Pros with IDTheftSecurity.com Inc

Think about hackers breaking into accounts. If you think they need top-notch computer skills, you would be wrong. These days, instead of requiring skills behind a keyboard, hackers generally rely on strategy…specifically a strategy called social engineering. This means that hackers don’t have to be technical, but they DO have to be clever and crafty because they are essentially taking advantage of people and “tricking” them into giving information.

There are four main ways that hackers use social engineering:

  • Phishing – where hackers use email tricks to get account information
  • Vishing – similar to phishing, but through voice over the phone
  • Impersonation – the act of getting information in person
  • Smishing – getting account info through text messages

Phishing accounts for 77 percent of all social engineering incidents, according to Social Engineer, but in vishing attacks, alone, businesses lose, on average, $43,000 per account.

Here are the top scams that all consumers and businesses should know about as we move into 2017:

Scam Using the IRS

Starting from the holiday season stretching through the end of tax season, there are scams involving the IRS. One such scam uses caller ID to change the true number of the caller and replaces it with a number from Washington, D.C., making it look like the number is from the IRS. Usually, the hacker already knows a lot about the victim, as they got information illegally, so it really sounds legit.

In this scam, the hacker tells the victim that they owe a couple of thousands of dollars to the IRS. If the victim falls for it, the hacker explains that due to the tardiness, it must be paid via a money transfer, which is non-traceable and nonrefundable.

BEC or Business Email Compromise Scam

In the business email compromise, or BEC scam, a hacker’s goal is to get into a business email account and get access to any financial data that is stored within. This might be login information, back statements, or verifications of payments or wire transfers.

Sometimes a hacker will access the email by using an email file that contains malware. If an employee opens the file, the malware will infect the computer and the hacker has an open door to come right in.

Another way that hackers use the BEC scan is to access the email of a CEO. In this case, they will impersonate the CEO and tell the financial powers that be that he or she requires a wire transfer to a bank account. This account, of course, belongs to the hacker not the business. When most people get an email from their boss asking them to do something, they do it.

Ransomware

Finally, hackers are also commonly using ransomware to hack their victims. In this case, the hackers are working towards convincing targets to install dangerous software onto their computer. Then, the computer locks out the data and the victim cannot access it…until he or she pays a ransom.

At this point, they are informed that they can get access back when they pay a ransom. This might range from a couple of hundred to several thousands. Usually, the hackers demand payment by bank transfer, credit card, bitcoin, PayPal, or money transfer services. Victims are usually encouraged to go to a certain website or call a certain number Unfortunately, too often, once the victim pays the ransom, the hacker never opens up the system. So now, the hacker has access to the victim’s computer and their credit card or financial information.

The way social engineering works in this scam is varied:

One way is this…imagine you are browsing the internet, and then you get a popup warning that looks quite official, such as from the FBI. It might say something like “Our programs have found child pornography on your computer. You are immediately being reported to the FBI unless you pay a fine.” When you click the popup to pay, the program actually downloads a program called spyware to your computer that will allow the hacker to access your system.

Another way that social engineering works with ransomware is through voice. In this case, you might get a phone call from someone saying they are from Microsoft and the representative tells you that they have scanned your computer and have found files that are malicious. Fortunately, they can remotely access the machine and fix the problem, but you have to install a program to allow this. When you install it, you give them access to everything, including personal and financial information, and they can do what they want with it.

Finally, you might get an email offering a free screen saver or coupon, but when you open it, the software encrypts your drive and takes over your computer.

Robert Siciliano personal security and identity theft expert and speaker is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video.

Comments (23)
Subscribe to CommentsComment

Submit
Show All Comments
Kathy Streib
Cypress, TX
Home Stager/Redesign

Robert- count me in as well...I'd never heard of vishing!  Thank you so much for keeping us informed. 

Jan 14, 2017 02:42 PM
Kathy Streib
Cypress, TX
Home Stager/Redesign

                          Thank you   Robert Siciliano 

Jan 14, 2017 05:58 PM
Kat Palmiotti
eXp Commercial, Referral Divison - Kalispell, MT
Helping your Montana dreams take root

Don't open anything you didn't ask for - no links, no files. That's my mantra. 

I've received calls at home from "IRS" and "Microsoft." We have to be constantly vigilant to safeguard our data.

Jan 15, 2017 04:17 AM
Dorie Dillard Austin TX
Coldwell Banker Realty ~ 512.750.6899 - Austin, TX
NW Austin ~ Canyon Creek and Spicewood/Balcones

Good morning Robert Siciliano ,

I'm so glad that Kathy Streib featured this post her her "Light bulb" moments for the week this morning. I've not heard of Vishing. I've had a call from someone from Microsoft and told him my computer technology person handles my computer! I also had an email from the IRS..I knew it was not legit and did not open their links. It's scary out there to all the scams going on..thanks for the great information!!

Jan 15, 2017 06:08 AM
Shirley Coomer
Keller Williams Realty Sonoran Living - Phoenix, AZ
Realtor, Keller Williams Realty, Phoenix Az

It is scary how easy it is to get scammed these days!  A few years ago my mother in law went to the bank to wire money to my son who was "stuck in Mexico" and needed $5000 for a car accident.  The caller called her "Grandma", and when she said is that you Nick?  The caller had his name.  Luckily the bank called us to verify this familiar story and we averted a scam.

Jan 15, 2017 06:44 AM
Nick Vandekar, 610-203-4543
Realty ONE Group Advocates 484-237-2055 - Downingtown, PA
Selling the Main Line & Chester County

Good advice which all computer users need to know especially seniors. Heard of several  seniors locally who have fallen prey to these scams.

Jan 15, 2017 07:42 AM
Jeff Dowler, CRS
eXp Realty of California, Inc. - Carlsbad, CA
The Southern California Relocation Dude

I always enjoy reading your posts. Perhaps "enjoy" is not the right word, given the topic. Thanks for all the information about Internet security and more so we can all be more mindful of what to be on the lookout for.

Jan 15, 2017 07:50 AM
Carol Williams
Although I'm retired, I love sharing my knowledge and learning from other real estate industry professionals. - Wenatchee, WA
Retired Agent / Broker / Prop. Mgr, Wenatchee, WA

Thank you so much for this article, Robert Siciliano .  I know two elderly couples who have been scammed out of ALL their life savings.  It is so sad.  We can't stress enough about caution in protecting our information.

Jan 15, 2017 08:05 AM
Chris Ann Cleland
Long and Foster Real Estate - Gainesville, VA
Associate Broker, Bristow, VA

This is great information.  Didn't know there were different names for the types of identity theft issues.

Jan 15, 2017 10:03 AM
Sam Shueh
(408) 425-1601 - San Jose, CA
mba, cdpe, reopro, pe

SMiShing-a security attack in which the user is tricked into downloading a Trojan horse, or malware onto his cellular phone or other mobile device. Itr is short for "SMS phishing.

I do not download any apps onto my iPhone. I will be dead meat.....

Jan 15, 2017 10:54 AM
Fred Griffin Florida Real Estate
Fred Griffin Real Estate - Tallahassee, FL
Licensed Florida Real Estate Broker

Ransomware - a Tallahassee Realtor was hit for $20K on this last year.  She had no backup. 

Jan 15, 2017 11:27 AM
Gayle Rich-Boxman Fishhawk Lake Real Estate
John L Scott Market Center - Birkenfeld, OR
"Your Local Expert!" 503-739-3843

Robert, a common one is the microsoft scam that I got nailed on, and another friend was completely rooked out of about $800. I had this PopUP on my computer screen and it froze my screen. I was frantic and it said that many things of mine were essentially compromised and I needed to call this 800# which (sadly) I did. They said they were with microsoft and I spent about an hour on the phone, they wanted all kinds of money and malware (for life) was promised, and and and. They didn't take my CC, because, well, they didn't say why. I found out later, it's because that's traceable. They were in my computer and I wasn't supposed to turn it off until they had cleaned it all up--so I called my favorite IT person and he said, shut it down NOW! I did. They called me back over and over again, about 8 times. I didn't answer. He took a look at my computer and a small bit of it they'd screwed with, but I was one of the lucky ones. He said they are called ransom hijackers, as I'm sure you're well aware. They ended up sending FedEx to collect a check and I told him what it was all about, so he wrote in his notes that it was a scam pick up...out of Florida. 

A word to the wise!  Bob Crane wrote a post about it and I re-blogged it soon after this happened to me. 

Jan 15, 2017 12:32 PM
Bob Crane
Woodland Management Service / Woodland Real Estate, KW Diversified - Stevens Point, WI
Forestland Experts! 715-204-9671

Getting calls and emails from these thieves day and night, it is unfortunate that so many fall victim to their antics.

Jan 15, 2017 07:32 PM
Praful Thakkar
LAER Realty Partners - Burlington, MA
Metro Boston Homes For Sale

Robert Siciliano - something new I learned in your post.

Always thought Phishing it is - nothing about other scams.

Jan 15, 2017 08:16 PM
Nina Hollander, Broker
Coldwell Banker Realty - Charlotte, NC
Your Greater Charlotte Realtor

Hello Robert... always learn something new from one of your postings. Thanks for keeping us all up to speed.

Jan 16, 2017 04:53 AM
Kristin Johnston - REALTOR®
RE/MAX Platinum - Waukesha, WI
Giving Back With Each Home Sold!

I can see why Kathy chose to highlight your post this week...great job!

Jan 16, 2017 07:07 AM
Sussie Sutton
David Tracy Real Estate - Houston, TX
David Tracy Real Estate for Buyers & Sellers

Excellent information. I got the IRS call.... I reported the incoming phone number to the police... 

Jan 16, 2017 07:31 AM
Beth Atalay
Cam Realty and Property Management - Clermont, FL
Cam Realty of Clermont FL

Thank you so much for sharing Robert, scammers never stop trying.

Jan 16, 2017 11:38 AM
Gabe Sanders
Real Estate of Florida specializing in Martin County Residential Homes, Condos and Land Sales - Stuart, FL
Stuart Florida Real Estate

And they are getting pretty clever at many of these, Robert.

Jan 17, 2017 06:47 AM
Rebecca Gaujot, Realtor®
Lewisburg, WV
Lewisburg WV, the go to agent for all real estate

I have received a call from the "IRS". The man kept on talking and I finally said.."you know the IRS does not call"... he hung up immediately.  Thanks for the info on the scams and will share with family and friends.

Jan 18, 2017 10:22 AM
Back to Top

What's the reason you're reporting this blog entry?

Are you sure you want to report this blog entry as spam?