Social Engineering: when we are emotionally manipulated
Social engineering is one of the most common techniques used by cybercriminals, and consists of manipulating our primary emotions, such as hate, curiosity and love. In this way they get us to perform actions subservient to their ends.
To do this, the first thing that those who seek to harm us or take some benefit from us through the network, is to collect as much information as they can about us, in order to exploit the following psychological vulnerabilities:
Authority
We are prone to respond to any request when we think it is made by someone we trust and/or who represents an authority for us.
Scarcity
When something very valuable is in short supply and we have the opportunity to acquire it, we go for it without thinking twice.
Reciprocity
We are more willing to collaborate when we receive something in return.
Sympathy
We trust people who think or act similarly to us.
Consistency
We take risky actions when we believe they are supported by a cause or when we are publicly committed to them.
Social validation
We believe that it is okay to commit imprudence if others also do it, and even more so if they have been successful.
On this basis, we are exposed to various online threats that exploit our feelings of love, affection and attraction for people:
1-. Identity fraud
When we contact someone on the Internet, it is difficult to know if it is a real person or an invented identity, or even an impersonated identity.
False identity. Anyone can construct a false identity on social networks.
In this way they will exploit vulnerabilities such as scarcity (pretending to be the perfect partner), reciprocity (they offer us gifts, positive comments…) and sympathy (they claim to share our tastes and hobbies) to make us fall into their trap.
The most common emotional scam aims to make as much money as possible by making victims fall in love and inventing stories in which the person asks for money for a “good reason”. This is the case of the famous Tinder Scammer.
Identity theft.
Anyone can be a victim of identity theft.
In this case, they will exploit the authority emanating from our partner, or the person we like so much, by impersonating him or her in order to deceive us.
For example, we may think that our partner is sending us an email with an attachment containing our most romantic pictures, and once we execute the file, our device is infected with malware.
2-. Sextortion
Although it is increasingly common, we cannot forget about the dangers involved in Sexting, or sharing intimate content with other people, known or unknown. These people apply reciprocity techniques, sharing equally intimate content with us, real or not.
Sextortion involves the person to whom we send intimate content threatening to publish such content if we do not do as we are told.
In this case, they make us believe that only in this way we will stop being their victims, that is, they urge us to send them money or more intimate content, among other requests; however, this is another emotional scam, and once we give in they will ask us for other requests.
We must also take into account the possibility that they are deceiving us, making us think that they have our content when they do not. that they are deceiving us, making us think that they have our content when this is not the case.
3-. Cyberbullying and cyberpredators
Actually, anyone, known or unknown, can become obsessed with us, and it is not something we can prevent. But we must be aware that the Internet and social networks provide tools to harass us, and that cyberbullying can cross the barriers from the virtual to the real.
To do so, they may use any number of false or impersonated identities to approach us and get to know us. Many take advantage of sympathy, but also reciprocity and social validation, to engage in conversations in which they obtain our personal data.
For example, among many other things, they may pretend to be professional photographers to approach minors interested in the world of beauty; pretend to be minors to approach other minors (grooming), and other times they are part of our
fandom
so that we are compelled, in a sense, to respond to their comments and engage with them.
How can we protect ourselves against these threats?
Avoid sharing personal information:
- Location and address: makes it easier for them to analyze our behavioral route, thanks to which they are able to harass or rob us, among other risks.
- Email and phone number: allow better manipulation of our vulnerabilities, facilitating Phishing and lucrative emotional scams.
- Intimate content: such as photographs, likes, dislikes, opinions and private conversations can be used to extort money or damage our image.
Make the relevant privacy settings:
- They will allow us to choose who we want to find us, talk to us, share and comment on our content, etc.
- There is no point in setting our account to private mode if we accept anyone in our contacts.
Control our circle of contacts:
- It is recommended not to accept requests from unknown contacts, and in such a case, to verify their identity.
- We must verify that our known contacts are not impersonations.
Finally, it is important to use common sense:
- The more information we share and the more we trust each other, the more sophisticated the social engineering techniques we will be subjected to, and the more vulnerable we will be to emotional manipulation.
- Once we publish or share information or content there is no going back. Even if we delete it instantly, we will never know who may have captured this information.
- Be aware of the red flags such as impulsive behaviors, strange requests, pernicious conversations, strange coincidences… and, above all, be wary of anything that appears to us as “too good”.
The most basic premise is to act with the same (or more) caution online as we do in the real world: be wary of strangers and be careful about what information we share and with whom are key actions to avoid becoming victims of these online threats.