Date: 2022-10-18

You have to hand it to scammers for their creativity and determination. Criminals are doing their research to make their ruses more elaborate, so they can separate more and more of us from our hard-earned cash. Their newest scams use manipulative social engineering attacks that leave victims feeling doubly deceived.

What Is Social Engineering?

Social engineering refers to the basket of psychological tricks scammers use to build trust with potential fraud victims. Scammers can carry out all sorts of deception using information gleaned about their targets from social media sites and publicly available data.

The attacks can take many forms and often begin with a phishing email designed to trick the recipient into giving up personal information. The FBI’s Internet Crime Complaint Center, or IC3, reports that phishing affected nearly 324,000 victims in 2021.

Other types of social engineering campaigns involve voicemail phishing (vishing), text-based phishing (smishing) and business email compromise (BEC), which uses spoofed messages that appear to come from legitimate businesses. In my role as senior threat fellow for threat research at Agari by HelpSystems, I’ve seen all sorts of online scams.

The cons work because we’re human. Most of us are wired to trust others. Fraudsters know this and play on our heartstrings or thrill us with fabulous deals that make us feel special.

The Third Party’s a Charm

Social engineering is at the foundation of the latest advance fee fraud scams, which are growing in frequency—and complexity. The general ploy is to entice you to put up some money to receive something of greater value. The fraudsters leverage urgency and authority to get you to send money.

These cons have two phases involving entities that seem unrelated. That’s the genius. The idea is that even if you’re a little suspicious of the initial message or ask, the apparent handoff to a third party—another person or group—builds your trust. But behind the curtain, everything is masterminded by a single person or team.

Two-Part Scams Involving (Phony) Third Parties

Beware of these five schemes in which con artists lay traps by creating bogus third parties.

1. The Free Piano Scam

How it works: You get an email from a widow who wants to find a new home for her deceased husband’s beloved piano. She must move to a smaller place, and you’d be doing her a favor if you accepted the instrument.

According to the photos, it’s a beautiful, name-brand piano. It’s yours for free if you cover the shipping. She sends a link to a suggested global logistics provider where you can submit your payment. You even get a tracking number saying the shipment is en route.

Behind the scenes: There is no piano, widow or shipping company. It’s one scammer duping you with multiple email accounts and a fake shipping company site.

2. The Attractive Pricing Scam

How it works: You’re a distributor and receive an email at work from someone wanting a quote on an industrial product. You search online for the bizarrely long product ID number that’s been supplied, and you find it on a single manufacturer’s website.

After inquiring about the cost, you’re shocked to learn it’s less than half what you expected to pay. In the grand tradition of buy low, sell high, you order 20 of the items and respond to the initial inquiry with a suitably padded price. But you never hear from the potential buyer again.

Behind the scenes: The buyer and seller are one and the same. The scammer found you in a search for distributors on LinkedIn and relied on the fact that you, like most people, would never expect collusion between a buyer and a seller online.

3. The M&A Scam

How it works: Kevin, the head of mergers and acquisitions at your company, tells you of an imminent and highly confidential deal. As a staff accountant, you’ve worked with Kevin many times and think nothing of his request to switch to your personal email account to protect the details of the transaction.

He says you’ll soon get a note from the attorney with instructions about transferring the company’s earnest money—that is, the deposit for the deal—quickly. You wire the funds to the account specified.

Behind the scenes: The scammer did some research to learn Kevin is your company’s M&A chief, then created a bogus email that looked legit. The “attorney” is the same scammer with a different email address, and the money will probably never be traced.

4. The Gift Card Scam

How it works: Gift card scams remain popular among con artists. In the latest iteration, your boss is on the road and asks you to send her niece a Google Play gift card for her birthday. The niece has had a rough go of it lately and dropped out of school to care for her ill father. You feel bad and want to help.

Behind the scenes: The scammer is the puppet master using fake email accounts and a sad backstory to override common sense.

5. The Escrow Account Scam

How it works: You’re looking for a deal on an RV. You find one on Craigslist or eBay that fits the bill, and the seller says he’s in the military and about to be deployed to Poland to support Ukraine’s war efforts. He needs to get rid of the camper soon, but it’s in Montana. He instructs you to use the Craigslist or eBay escrow service and will ship the vehicle once the money clears.

Behind the scenes: These sites don’t have escrow services, and any money sent to the link you’re given will go into the scammer’s hands.

How Can You Protect Yourself From Social Engineering?

As always, tap into your intuition and stay alert. Remember that if something sounds too good to be true, you’ve probably got the right idea.

Follow these steps to save yourself from getting conned.

Uncover email addresses: A right-click on a sender’s name will let you view the message properties and reveal telling details that could save you a lot of trouble.

Verify through a separate channel: If you’re given a link to a website to order or ship something, see if you can find the business on Google Maps or via search. It may not exist.

Avoid cryptocurrency: Getting a request to pay for just about anything in cryptocurrency usually indicates fraud.

Report the scam: If you feel you’ve fallen victim to a social engineering attack, report the fraud to the Federal Trade Commission.
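The "Uncover email addresses" step can also be done on the raw message headers. The sketch below is an added example, not part of the original article: it flags a familiar display name over an unfamiliar address and a Reply-To that points to a different domain. The contact directory, Kevin's surname, and every address and domain are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed directory of contacts: display name -> address they really use.
KNOWN_SENDERS = {"kevin park": "kevin.park@example-corp.test"}

# Constructed sample messages (names, addresses and domains are made up).
SPOOFED = (
    "From: Kevin Park <kevin.park.ma@freemail.test>\n"
    "Reply-To: attorney@deal-counsel.test\n"
    "Subject: Confidential acquisition\n"
    "\n"
    "Please move this thread to your personal email.\n"
)
LEGIT = (
    "From: Kevin Park <kevin.park@example-corp.test>\n"
    "Subject: Q3 close\n"
    "\n"
    "Numbers attached.\n"
)


def domain(addr):
    """Return the lower-cased domain part of an address."""
    return addr.rpartition("@")[2].lower()


def inspect_sender(raw_message, known=KNOWN_SENDERS):
    """List reasons the visible sender name should not be trusted."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    findings = []

    # A familiar name over an unfamiliar address is the core of the ruse.
    expected = known.get(name.strip().lower())
    if expected and addr.lower() != expected:
        findings.append(f"name '{name}' is known, but address is {addr}, not {expected}")

    # Replies routed to another domain hand the conversation to someone else.
    if reply_to and domain(reply_to) != domain(addr):
        findings.append(f"replies go to {reply_to}, not to {addr}")
    return findings


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, inspect_sender(raw))
```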

