Human hacking scams, also known as social engineering, pose a serious threat to your personal and professional cybersecurity.
Unlike phishing scams, human hacking doesn’t rely purely on technology to access your computer system and instead, it uses psychological manipulation.
Here CashLady explores human hacking scams further and provides you with five important tips to help avoid them.
What are human hacking scams?
Human hacking scams can take place at home or at work, so where ever you are, be wary when contacted by unknown people or companies that ask for personal or sensitive information.
It’s important to note that hacking scams are often subtle. If it’s a sophisticated hack then the information that the hacker seeks might not seem particularly sensitive – it could, however, be used against you at a later point, for example, to gain your trust.
There are thousands of variations on human hacking scams, but most criminals use them to exploit human kindness and willingness to help, often employing distractions and questions and pretending to be someone they are not.
Human Hacking: An Example
A good example of a human hacking scam is when hackers phone into call-centres and falsely pretend to be customers so that they can access accounts and gain information.
They achieve this by manipulating the call handler and playing the sound of a baby crying in the background, pretending to be a frazzled new mother who has forgotten her password.
Believing they’re doing this ‘new mother,’ a favour, the call centre agent might let them bypass security, believing there’s no security risk.
The hacker then sets a new security password on the account and accesses it online or phones again, this time with the password, to make purchases or access information.
Tips to avoid human hacking scams
Don’t fall prey to a human hacking scam by following our useful tips below.
#1 Be wary of unsolicited messages or calls
Don’t trust an email, phone call or visitor from a firm just because you are familiar with it. Do your own research and go to the company’s website to reveal it’s confirmed phone number.
If you’re not sure if an individual contacting you is legitimate, seek verification and call the company yourself – don’t rely on name badges or ID as it’s easy for hackers to fake these.
#2 Think before acting
The modern world moves fast, and human hackers take advantage of that, wanting you to act first and think later.
Remain present and consistently aware of your surroundings and be suspicious if someone appears urgent and as though they are pressuring you for information.
It’s possible that they are deliberately trying to stress or confuse you so you reveal something that you’ll regret later.
#3 Ignore requests for passwords and bank details
Simply delete and ignore any request for your financial information or passwords.
Your bank or service providers would never phone or email you out of the blue and then ask for your password or bank details and if they do then it’s most likely scam.
If you’re unsure whether the contact is a scam or not, simply hang up the call or don’t respond to the suspicious email and instead call the company using the details on their website to ask if they have genuinely been in touch.
#4 Check website security first
Don’t get caught out sending sensitive information over the internet to a fake website, such as a ticketing site, by paying close attention to the URL.
Many malicious websites look identical to the legitimate one but will have a variation in the domain name, such as .com instead of .net.
#5 Don’t overshare on social media
Hackers are clever and could be watching you at any time, planning to hack you personally or the organisation that you work for.
What you reveal online could give them clues about your passwords or provide useful information that will help them trick you or lull you into a false sense of security.
When hacking an organisation, hackers often use information about staff to help engineer their scams, for example knowing an employee is on maternity leave or what the CEO likes to do in their spare time can all provide useful ammunition when pretending to be someone they are not.