Made possible by generous funding from

AT&T Logo

Social Engineering: How Cybercriminals Trick You Into Bad Decisions

Social engineering refers to the practice of using deception to manipulate people for fraudulent purposes. Scammers often use threats of loss to create fear. They may create a sense of urgency by demanding that you take action immediately. They may promise rewards for clicking a link. They may even threaten to expose your data or online activities. Scammers often pretend to be someone in a position of authority to gain trust or create a sense of control. All frauds use social engineering. If a scammer can frighten you or convince you that he is protecting you from a significant loss, you are far more likely to reveal passwords, account numbers, and other private information that a scammer can then use to steal your identity or money.

Social engineering uses our natural emotional responses

  • Fear. Cybercriminals often try to scare you with threats of loss or harm. Common frauds include threats of arrest, the loss of government benefits, or cutting off utilities like power and water.
  • Authority. Scammers take on false identities that give them a position of knowledge or authority. Popular scams include pretending to be from the IRS, your bank, Microsoft, or, if you are still working, an executive from your company.
  • Urgency. Creating a sense of urgency, such as offering a deal that will end shortly, is often used to entice you to act quickly and without thinking things through. It’s successful in marketing and cybercrime as well.
  • Greed. Wouldn’t it be nice if we could all win contests we never even entered? Scammers are quite successful at getting victims to click links to winnings that don’t exist. Or pay up to get a “secret shopper” job. If it sounds too good to be true, it probably is.
  • Social fun. Who can resist cute pictures of kittens or playful puppies? And how about those fun games and quizzes on social media? They are often designed to install malware on a user’s computer or capture personal and private information.
  • Romance. A growing area of cybercrime is romance-related fraud, often called “catphishing” or “catfishing.”

Recognizing social engineering is super important

You can’t possibly memorize every scam but you can learn to recognize emotional manipulation. A scammer’s goal is to get you to react quickly and without thinking by clicking a link, opening a file, making a phone call, or divulging a credit card number or password. Your goal is to learn to stop for a few moments and analyze the message and determine its actual source. The following lessons will teach you how criminals use different technologies like email, text, and robocalls to find victims and, using social engineering, trick them into falling for a fraud.

Test your knowledge

CGOS Social Engineering
1. Social engineering (in relation to fraud) refers to which of the following (check all that apply)