
How to Know if You’re a Victim of People Hacking (aka Social Engineering)


Have you ever received an “Important Message Alert!” or “Warning: Your Computer is at Risk” pop-up while on a random website? 

Or, have you ever fallen prey to the “IRS is coming to arrest you” phone calls? 

Most people detect these scams before they can wreak major harm, but they exist because some people fall for them. You might not know that these nasty scams have their own hacking category: it’s called social engineering.

There are so many forms of hacking that each has earned its own moniker. From “evil twins” to downloading malware scams, the floodgates of online and telephone hackers have opened, and anyone can fall prey if they’re not aware. Social engineering is a stealthy and malicious way to “people hack” by baiting unsuspecting victims with links or messages — and, sometimes, through direct contact. 

Let’s take a look at what’s considered social engineering, ways a social engineering hack can attack people, and what to do if you’ve been the victim of an attack.

What in the world is social engineering?

Social engineering differs from other types of hack attacks as it requires human interactions to be successful. Whereas most hackers find a way to corrupt, expose, or sell your data via malware, these hackers will try to form a connection with you (on some level) before they do their dirty work.

When you fall victim to a social engineering hacker, you may feel a sense of betrayal and violation. Typically, these hackers will use psychological tricks to manipulate people and lure them into giving away personal data. A hacker may stalk you to expose your security system’s weakest points through your own actions. Then, they may reach out with a personal message or warning to obtain access to your information. Social engineering hackers will also play on your fears of online security breaches in order to, ironically, breach your computer’s security measures. 

Social engineering attack examples

If you’ve fallen victim to a social engineering attack, you’re not alone. Part of what makes these hacks so insidious is that many intelligent, educated people have found themselves targeted — and large corporations with almost impenetrable computer security protocols have been attacked as well. Human error enables social engineering hackers to access secure accounts and commit massive fraud.

Some notorious examples of social engineering attacks include: 

  • In 2019, an unnamed CEO in the UK was duped over the phone by hackers who used AI to impersonate his boss. He transferred $243,000 to the hackers before realizing his mistake (per The Wall Street Journal).
  • In 2015, the largest social engineering scheme on record hit Google and Facebook when Evaldas Rimasauskas created a bogus company and invoiced employees of the platform giants via phishing emails. Over the course of two years, Rimasauskas stole $100 million from the internet companies.
  • In 2014, in a moment straight out of a movie, Sony Pictures suffered a social engineering attack at the hands of North Korean hackers. The hackers demanded that the film studio pay them and tried to prevent the Seth Rogen and James Franco vehicle, The Interview, from seeing a release. Tensions mounted between the U.S. and North Korean governments as a result. Ultimately, the crisis was undercut when Sony streamed the film for free. However, the studio still experienced major financial loss as a result of the attack.
  • In 2013, Yahoo! experienced an enormous customer data breach due to a social engineering scheme. An engineer at one of the Internet’s first giant companies fell for an email that allowed hackers access to over 3 billion customer accounts.

And, per the journal Medical Economics, the healthcare industry is especially vulnerable to social engineering hackers. The federal government has even issued a warning to healthcare workers to guard themselves against attacks. Among professional sectors, the industry has incurred the greatest costs due to data breaches, losing more than $10 million in 2022.

Social engineering can impact anyone, anywhere. It’s vital to know how to identify and how to avoid an attack.


Several social engineering examples and how to avoid them

Social engineering hack attacks can take on a multitude of forms and utilize a variety of methods. So how can you possibly know what to look for or how to avoid these attacks? We’re here to help and to break down what an attack might look like:

1. Phishing: The most obvious people hack

Phishing is one of the more popular methods to “people hack” via social engineering. This type of hack may come to you through email or even text. A phishing campaign will prey on your fears and demand action from you.

Phishers may masquerade as companies you hold accounts with and tell you your account has expired or that there are issues with your online account. Per Verizon, phishing accounts for 93% of online security and data breaches.

For example, you may receive an email purporting to be from Amazon Prime that mimics Amazon’s logo. If you click on the link included in the email, phishers may link to malicious websites or trigger a malware download to your computer. 

A currently popular phishing text claims a recipient has a valuable package that wasn’t deliverable and must click on a link to rectify the issue. If you were expecting a package, and you don’t notice any red flags (such as spelling or grammar issues) in the text, you may instinctively click. You’ve just been hit with a social engineering attack.

If you receive any emails or texts with calls to action, verify the sender’s address before clicking on any links. It’s also important to remember that companies will not ask you to resubmit your personal information via an email or a text. 

If you believe you’re receiving a credible message, go to the official website and sign into your account before taking action.

2. Spear phishing: This time it’s personal

As its name implies, spear phishing is far more targeted and personal than phishing alone. Spear phishing employs some of the same social engineering methods as phishing, but spear phishers will tailor their attacks to fit specific victims or corporations. Spear phishers take the time to “get to know” their victims before carrying out an attack. These hackers will send you messages that appear individualized and are tailor-made to fit your contacts, personality, and profession.

Spear phishing messages often seem legitimate and may appear to come from someone in your contact list. For example, you receive an email impersonating your company’s CEO which asks you to purchase multiple gift cards for your co-workers. Your boss has asked you to help with incentivizing employees in the past, so you don’t think to question the message. You complete the request and are told to log the gift cards into a linked site. Burning with shame, you realize the email wasn’t legit. The spear phishers now have your credentials, access to company contacts, and the gift cards.

If you receive a message from a known contact that seems out of character, contact them directly via a new thread to ensure the legitimacy of the message. Don’t act on any requests until you’ve verified their credibility. 

And never follow an uncertain link or enter personal, sensitive information before you’re 100% confident that you know who’s requesting your data.

3. Baiting: These hackers will hook you

The fishing analogies of social engineering are vast, yet they totally make sense. Baiters are some of the most egregious people hackers operating today. When working online or via telephone, these hackers target you with false promises: “Earn $10,000 a day for sleeping!” or “Invest $50 now and see a $50,000 return by next month!” If you click on these links, you may inadvertently download malware or give away your most sensitive personal data.

Baiters also physically target their victims: They may leave an unattended flash drive sitting on a coffee shop or library table, hoping to pique your curiosity. If you’re curious enough, you may take the flash drive and insert it into your computer. Baiters might label the flash drives with information to appeal to passersby (e.g., sensitive documents or payroll data). The hackers load physical media with malware, and as soon as you insert it into a computer, the malware automatically downloads and infects your computer.

4. Vishing: Phishing’s dirty cousin

Vishing (“voice phishing”) is, perhaps, the most common social engineering hack. Vishers don’t even need an online presence to snag you. These hackers call people and leave threatening messages that claim urgent attention is required. 

Vishers often target the elderly, but their call databases include people from all walks of life. A visher may call you multiple times in one day, and they typically leave a vague message warning of dire consequences if you don’t call them back. 

Vishers will ask you to verify account information over the phone and may impersonate government or law enforcement officials. Vishers may also mirror a known phone number, but will demand payment or other personal information. Know that the companies they’re impersonating would never ask for this in a person-to-person phone call. 

In some cases, vishers may say they’re calling on behalf of your loved one who was just in a tragic accident or is in jail and then demand money.

A good way to protect yourself against these vicious vishers is to utilize caller ID to screen your phone calls. If you don’t recognize a number, don’t answer your phone. If a voicemail asks you to call a number, verify the number and the company it’s associated with first. 


Final Tips

No one wants to be hacked, but the “people-hack” of social engineering attacks feels personal. These few easy steps can help you protect yourself:

  • Never use the same password for separate accounts.
  • Utilize a password manager, such as LastPass, to keep track of and secure your passwords.
  • Never enter sensitive information on a page that doesn’t require a two-step authentication process.
  • For security questions, supply fake answers — or answers that a hacker wouldn’t find stored in your personal database.

For more information, check out our podcast episodes “Social Engineering Snares Smart People,” “Social Engineering and Pick Pocketing” as well as our explainer “The New Name for Online Con-Artist Tricks.”
