
9 Social Engineering Scams You Might Still Fall For

By
Services for Real Estate Pros with IDTheftSecurity.com Inc

Even though companies are putting more efforts into training staff to be wary of social engineering scams, people are still falling for them time and time again. On top of this, cybercriminals are always busy creating new scams.

The issue is that employees just aren’t paying attention like they should be when it comes to recognizing that they may be becoming a victim of a scam like this. In 2021, attackers were much more successful with these scams when compared to 2020, and a shocking 80% of all organizations out there had some type of phishing attack in 2021. That’s 46% more than in 2020.

One of the reasons why this is happening is that people are just distracted by other things...they are essentially going through the motions of life, and their subconscious mind is taking over to make decisions that it shouldn’t make. Unfortunately, scammers know this.

A Stanford University study found that 88% of all data breaches that occur actually happen because of an employee mistake. When asked, almost half of employees who have caused these breaches said that it happened because they were distracted by something else. When you add the fact that more people are working from home than ever before, and that it is proven to be more distracting to work at home, we have a big issue on our hands.

The consequences of data breaches are also growing bigger than ever. In 2021, more than 15 million phishing emails were sent out, and the total cost for a company to fix it hovered around $1.85 million.

Why do people fall for these scams, though? Mostly, it’s for the same reasons they have always fallen for them, including thoughtlessness, gullibility, curiosity, courtesy, and apathy.

5 Old Scams People Still Fall For 

Security experts say that there are five social engineering scams that people are still falling for. Here is a reminder for you about what these scams are about:

An Official Looking Email 

Scammers know that if someone gets an email from someone important...like a company CEO...they are going to open it. They also know that people are going to click on links in emails that look official, especially if the link is labeled something like “Proposed Employee Wage Increases for 2022.” The problem is this --- the emails might look like they are coming from someone important, but they are actually coming from a scammer --- and if you click that link, you could be initiating a company-wide data breach...or worse!

What you need to look for here is anything strange in the email – typos, grammar errors, or odd URLs are all signs that the email could be a scam. You should also look at the actual email address and not just the name on the email. A scammer can change the name on an email address at any time.
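The advice above, to check the actual address rather than the display name, can also be applied automatically in a mail-triage script. The following Python is an added example, not part of the original article; the company domain `example.com`, the executive names, and the finding labels are assumptions made up for illustration.

```python
from email.utils import parseaddr

# Assumed values for illustration only (not from the article).
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"jane doe", "sam lee"}  # display names scammers would imitate


def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss (lookalike) domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def check_sender(from_header, company_domain=COMPANY_DOMAIN,
                 executives=EXECUTIVES):
    """Return a list of warning labels for one From: header value."""
    name, addr = parseaddr(from_header)
    if "@" not in addr:
        return ["no-parsable-address"]
    domain = addr.rpartition("@")[2].lower()
    shown = " ".join(name.lower().split())  # normalise case and spacing
    findings = []
    # The name says "the CEO", but the address is outside the company.
    if shown in executives and domain != company_domain:
        findings.append("executive-name-external-address")
    # The domain is one or two characters away from the real one.
    if domain != company_domain and edit_distance(domain, company_domain) <= 2:
        findings.append("lookalike-domain")
    return findings


# Constructed sample headers, not real messages.
SAMPLES = [
    "Jane Doe <jane.doe@example.com>",
    "Jane Doe <jane.doe.ceo@gmail.com>",
    "IT Support <helpdesk@examp1e.com>",
    '"Jane  Doe" <jane@exarnple.com>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header) or "ok")
```

An empty result only means these two checks passed; it does not show that a message is legitimate.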

The Free/Lost/Dropped USB Stick 

Another common scam that people still fall for is the free, lost, or dropped USB stick, also known as the “Bad USB” scam. In fact, just in January, the FBI sent out a warning to US businesses about fake letters from the Department of Health and Human Services, and all of them included a “free USB stick.”

However, when this USB drive was inserted into a computer, it could transfer software into the network, which allowed hackers to set off ransomware attacks.

The Gift Card Scam 

If there is one scam out there that could be called the most effective scam, it’s this one. The gift card scam here is a type of social engineering scam that begins with a hacker sending a fake email or text to staff that appears to come from a company executive. In the email, the exec asks the recipient to go out and buy a bunch of gift cards, and then send the codes back to him/her. The hacker makes sure to create a sense of secrecy, saying that it’s a “surprise” for the recipients of the cards.

Since January of 2019, there have been thousands of these attempts, and hundreds of them go out each day. If hackers are still sending these emails, we can be sure that people are still giving them the information they are asking for.

The Voicemail Scam 

Internal voicemails sent via email have been a thing for a while, but hackers are taking advantage of it by sending fake ones that are littered with malware. This is a good scam for hackers because everyone wants to check their email, and depending on who you are, you might want to check that voicemail, too. For instance, this works well for people in sales or who work on commission, as any message could be a lead for a new client. If you work for a company that does this type of voicemail distribution, make sure that it’s legitimate before clicking on the message...and if your company doesn’t do it, it’s probably best to delete it.

The “Problem with Your Delivery” Scam 

Over the past two decades, the way and frequency we get packages and deliveries have certainly changed. We get notified of and can track packages via email, and with more people ordering things online than ever before, and getting several packages a week, it wouldn’t seem totally out of the ordinary to get an email notifying you of an issue with a delivery.

There are a number of ways that these scams come through; some of them want payment for delivery, while others want you to put your email address in to track a package. The hackers often use fake tracking numbers and delivery days and times, but they always use the logos we are familiar with, including UPS and FedEx.

Four More Social Engineering Scams to Watch Out For 

So far, we have talked about social engineering scams that have been around for a while, and you might have seen them before. However, there are always new ones or new spins on old ones coming out, and here are some that you definitely want to keep an eye out for:

The DocuSign Scam 

This is a popular scam that became more prolific at the beginning of the COVID-19 pandemic. Essentially, a person gets a notification from DocuSign asking them to sign some legal forms. It is pretty common to sign forms online, but in this case, it is a scam that will install a plugin containing malware onto your computer and/or network.

The “Aging Accounts Report” Scam 

This is a new scam, too, which is primarily focused on people in accounting. In this case, they get an email that looks like it is coming from an executive in the company. The message says that he or she wants to take a look at the outstanding receivables, and then asks the victim to send a report that includes customers who owe money and how long the account is overdue.

Once the scammer has this information, they can create a fake email or website, reach out to those people, and remind them of their bill. Since the hacker now has all of the information necessary to look legitimate, they quickly can convince the payer to send an ACH payment to a different account number. Because this scam is so good and convincing, plus it’s not actually the company in danger...but customers...this can be a dangerous and devastating scam.

The Bank Account Problem Scam 

Another cybercrime is when a criminal uses a specific type of phishing email to convince a victim that there is an issue with an important account, like a bank account. The message will have a link that the recipient can click on to resolve the supposedly urgent issue. The site will look just like the bank’s website, though if you look, the URL will be different, and the person then enters their credentials there.

The problem is, now the hacker can get into a bank account and see the information in a matter of minutes. Though banks and other agencies are working hard to make sure it’s tougher than ever to pull a scam like this off, as with many things, the hackers seem to be right at their heels.

The Phone Phishing Scam 

Finally, we still have the old phone scam, but with a modern twist. In this case, BazarLoader, a type of malware, can impersonate another brand, like Amazon, for instance. The scam is that the hacker convinces a person that they are being charged a lot of money...usually a few hundred dollars...for a subscription. However, if they want to cancel, they can call a phone number to speak to a customer service rep. If the victim calls this number, the hackers will literally take them step by step into installing malware and running it on their computer.

There are some variations of this scam, too, such as when a person is charged a ton of money for a streaming service or even a magazine.

We know that these types of hacks are here to stay, so the best course of action against them is to remain highly vigilant and aware that these scams are out there. Report any that you might come across, and keep an eye out for new scams as they come through.

Please share this.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

John Pusa
Glendale, CA

Hello Robert Siciliano these are important social engineer scams to avoid.

Jul 01, 2022 02:16 PM
Kathy Streib
Cypress, TX
Home Stager/Redesign

Robert- you're right...these scum of the earth aren't going away so we might as well arm ourselves with as much information as we can. I think there's so much of this going around that we all become numb to it. 

Jul 01, 2022 05:36 PM
Paddy Deighan MBA JD PhD
http://www.medicalandspaconsulting.com - Vail, CO
Paddy Deighan J.D. Ph.D

I have noticed an uptick in scams of late and the ability to make them look legitimate has made it difficult to detect many of them

Jul 02, 2022 12:28 AM
Kat Palmiotti
eXp Commercial, Referral Divison - Kalispell, MT
Helping your Montana dreams take root

I think I've received most of these. I can see why it would be easy to fall for one of them, especially when busy with a million things and when not really paying attention. Yikes.

Jul 02, 2022 04:41 AM
Wayne Martin
Wayne M Martin - Chicago, IL
Real Estate Broker - Retired

Good morning Robert. I have seen all of these used in the last year. And they never seem to stop. Clever these criminals, but thanks to tips from you, we can hamper their success. Enjoy your day.

Jul 02, 2022 05:09 AM
Barbara Michaluk
Weichert Realtors | Phone Direct 240-506-2434 | 301-681-0550 office - Silver Spring, MD
Leisure World Specialist / Full Service REALTOR

Being a realtor seems to make us all a primary target for docusign scams. I try to be very cautious when I receive a docusign email even though I'm in the middle of a transaction that's using that system. Better to be safe than sorry!

Jul 02, 2022 05:32 AM
Nina Hollander, Broker
Coldwell Banker Realty - Charlotte, NC
Your Greater Charlotte Realtor

Fantastic post, Robert. I'm very conscious of all these scams but I know many people are less so. One of our neighbors just fell for that "we've kidnapped your grandson" scam and is now out $8,500.

Jul 02, 2022 07:06 AM
Grant Schneider
Performance Development Strategies - Armonk, NY
Your Coach Helping You Create Successful Outcomes

Robert - here is another one I got last week. A Facebook instant messenger scam supposedly from someone I know telling me about an SBA grant.

Jul 02, 2022 07:16 AM
Jeff Dowler, CRS
eXp Realty of California, Inc. - Carlsbad, CA
The Southern California Relocation Dude

Robert:

The more education about these scams the better. And they work for the reasons mentioned.

Jeff

Jul 02, 2022 11:08 AM
Diana Dahlberg
1 Month Realty - Pleasant Prairie, WI
Real Estate in Kenosha, WI since 1994 262-308-3563

It's good to know what to look for!  To be honest, I am so sick of scams!!!

Jul 02, 2022 12:24 PM
Will Hamm
Hamm Homes - Aurora, CO
"Where There's a Will, There's a Way!"

Hello Robert and thanks for the great information in your blog to share with us here in the rain.  Make it a great 4th!

Jul 03, 2022 06:26 AM
Pat Starnes-Front Gate Realty
Front Gate Real Estate - Brandon, MS
601-991-2900 Office; 601-278-4513 Cell

I almost fell victim to a scam about a month ago. The person pretended to be a buyer of something I had posted on Facebook. They said they would send the money via Zelle. They said they would email the instructions to me. When I received the email, it was from a generic gmail account. That's when the warning signs went off and I terminated the discussion. It was pretty scary but thankfully I avoided the situation.

Bottom line, we have to remain diligent and aware. Thank you for sharing these scams.

Jul 03, 2022 10:55 AM
Mimi Foster
Falcon Property Company - Colorado Springs, CO
Voted Colorado Springs Best Realtor

What a great and timely post. I was receiving 3 calls a day from "Julie with Owner Services calling in regards to your maintenance fees." I would always hang up, but it always came from a different number (same area code) so I couldn't block her. When I finally picked up and said a few choice words, I realized it was actually a recording (didn't sound like it). The call back number was always the same, and I felt so bad for all the older people who would have called Julie back. It is such a crime. Thank you for your informative post.

Jul 03, 2022 11:03 AM
Laura Cerrano
Feng Shui Manhattan Long Island - Locust Valley, NY
Certified Feng Shui Expert, Speaker & Researcher

There’s definitely something to be said about that and thank you for warning us

Jul 03, 2022 12:47 PM
Kathy Streib
Cypress, TX
Home Stager/Redesign

Jul 03, 2022 04:49 PM
Thomas J. Nelson, REALTOR ® e-Pro CRS RCS-D Vets
Big Block Realty 858.232.8722 - La Jolla, CA
CEO of Vision Drive Realty - Coastal San Diego

None of them work on me, although some have come close. But, luckily because of you and people like you I've gotten good at spotting them...to a fault. I delete and block and report PHISHING on 70% of my emails and texts. I have more blocked emails and phone numbers than I do actual contacts LOL. It's true though, when they almost get me (it was a Home Depot scam) I'm pre-occupied. I'm forcing myself to slow down on open/respond reflexes. Thank you for this reminder post.

Jul 04, 2022 09:04 AM
Brian DeYoung
also affiliated with Berkshire Hathaway Home Services Heritage Realty - Ithaca, NY
The Realtor with personal investment background

wow! what a great list.

There are so many scams, partly dishonest people who could do something else, and partly people with no options to make a good wage in their country.

Not ok either way, but because of both, we will continue to have this problem.

Jul 04, 2022 08:34 PM
Jan Green - Scottsdale, AZ
Value Added Service, 602-620-2699 - Scottsdale, AZ
HomeSmart Elite Group, REALTOR®, EcoBroker, GREEN

Great list of scam related issues for anyone to be wary of and be proactive in avoiding these situations.

 

It feels like scammers are at an all time high right now. When the economy is cranky, illegal activities increase dramatically. A week ago I received a call/vm from a Sergeant at our MC Sheriff's Office about a "civil matter." I checked the phone number and it's not even tied to that organization, or any organization. So I called to hear the recording and it sounded completely legitimate. So I left a VM. Not sure what exactly they will get from a voicemail as my phone software is set up so that if they aren't in my database, the call won't ring through and it goes to spam. If this number pops up again, I'll let it go to VM and see what happens.

Jul 06, 2022 12:10 PM