How Social Engineering Snares Smart People (And How You Can Avoid It)
Scams are getting more sophisticated. Hackers don’t just hack computers anymore – they use social engineering techniques to hack you and get you to do what they want. But by understanding how social engineering works, you can reduce your chances of falling for it.
See 6 Basic But Effective Online Security Tips with Jordan Harbinger for a complete transcript of the Easy Prey podcast episode.
Jordan Harbinger is the host of The Jordan Harbinger Show, a podcast where he interviews awesome people and makes their wisdom available to everyone. He has been doing the show for fourteen years, and sees about 11 million downloads per month. He also became interested in social engineering at a young age and has plenty of insights to share.
Learning “Freaking” and Social Engineering
In about 1993, Jordan got a computer that came with a modem. Realizing that now he could go online, he quickly found bulletin boards, pirated games, ways to talk with people around the world, and even hacker channels – called freaking channels. He remembers thinking, “No one in my school is as smart as these people.” There were also ways to learn how to mess with systems and technology that he could learn. Although he found it interesting, he wasn’t technically inclined.
Jordan spent hours at pay phones, dialing numbers and trying to figure out the system. There were numbers he could dial to get another dial tone, and ways to hack voicemails. The default passwords were the same and people didn’t often change them. He would delete voicemails and do other pranks.
Eventually he went dumpster-diving and found a cell phone that worked except for a leaky battery. He replaced the battery and started learning how it worked. He also stole a lineman’s handset (he isn’t proud of it, but he was thirteen at the time). Using that handset, he started opening telecom boxes and listening in on phone calls.
Doing this “freaking” required a lot of social engineering. Jordan used social engineering to get people to connect calls for him, to get serial numbers to reprogram phones, and to talk his way out of getting caught dumpster diving. He found that this was the part of freaking that really appealed to him.
Social Engineering Insights from Other People’s Phone Calls
When Jordan’s parents were gone, they assumed he was watching TV. Instead, he was spending hours at a time listening to neighbors’ phone calls. Some of them were interesting, like the guy down the street getting divorced. He switched line pairs like switching TV channels.
Jordan enjoyed wiretapping because as a kid, nobody talks to you like an adult. He got to see the uncensored versions of adults. As a child, you don’t think of adults as real people with real problems. But listening in on those phone calls, Jordan got to see adults as humans with multiple different sides. He realized that just like every phone system has similar switches, every person has similar switches in their brains. People may be complex systems, but they’re still systems, and social engineering can program them.
People are a system too … the most complex system that exists is the brain and human psychology – the psyche.Jordan Harbinger
How People Fall for Social Engineering
Some people are more prone to fall for social engineering than others. It’s very easy to pull one over on a narcissist or someone with a big ego. Kill them with flattery, and you can get them to do almost anything. You can flatter your narcissistic boss to no end. Men are easy marks for attractive young women. And getting a teenage boy to do something is the easiest – they’ve very vulnerable to flattery.
The easiest people to manipulate are the ones who think they’re too smart to get caught up in it. Being confident you’ll never fall for something like that makes you let your guard down. When you let your guard down, you’re vulnerable to social engineering.
The second you think you’re too smart to get scammed is when you are most vulnerable to getting scammed.Jordan Harbinger
Jordan sees it all the time. Businesses say they don’t need to use two-factor authentication because their people know not to use weak passwords. Or they say that keeping passwords on Post-Its at the computer is fine because anyone who can see that already has an account – completely forgetting about the cleaning staff who have access when nobody else is around.
Avoid Falling for Social Engineering
Jordan finds it difficult to give advice to people who are actively learning about things like social engineering. You probably already know the IRS will never ask you to pay in gift cards. But social engineering scams are more advanced these days. Jordan’s father had printer issues and googled HP Support. He found a scam website, called what he thought was Hewlett-Packard, and the scammer got him to install something. Jordan’s father isn’t a dumb guy, but he didn’t understand what was happening.
If people call asking for your money or information, always call them back. And call them back on a number you didn’t get from them. If you do get a number from them, Google it and see if it’s been reported as a scam. And if they tell you not to call a number, hang up – a legitimate business will never say, “Don’t call this number.”
Social engineering really is effective mostly on people that aren’t paying attention to it.Jordan Harbinger
Jordan’s father thought he was savvy enough to not get scammed, but he did. It can happen to anyone. Follow good password security protocols. Use a password manager, and don’t reuse passwords. Turn on two-factor authentication. Jordan recommends going a step further: Put fake answers to the security questions and save those fake answers in your password manager so you don’t forget them. Fakenamegenerator.com is a great way to generate fake security answers.
Don’t Live in Fear
Jordan’s final piece of advice, though, is not to live in fear of social engineering. It’s still okay to trust people. You don’t want to live in a society where you think everyone is out to scam you. First of all, that’s not true. Second, not being able to trust anyone will make you miserable.
Social engineering does happen, and scams do happen, but not all the time. Jordan routinely sends money to strangers over the internet for services and doesn’t get screwed. Occasionally it does happen, but he considers that a cost of doing business. In the end, trusting people is a better way to live.
The last thing I’m going to do is treat everybody like they’re a potential criminal because it’s a miserable way to live.Jordan Harbinger
- Easy Prey Podcast
- General Topics
- Home Computing
- IP Addresses
- Online Privacy
- Online Safety
With so many people working from home now, one big question employees have started asking is: Can…[Read More]