1. What is persons manipulation?
Manipulating of a person is a situation where an attempt is made to make a person disclose data through manipulation. There are many different ways, but the most common is when a scammer pretends to be, for example, an IT support representative or co-worker. Scams can happen online, over the phone or face to face. What makes manipulations dangerous is that they are carefully planned. Usually, the scammer collects background information about his victim to make the contact as credible as possible. Then the scammer contacts the victim and tries to create the dialogue as credible as possible. Finally, once the victim has been persuaded to take the desired action, the fraudster commits fraud. It is important to know that even a small amount of information for a scammer may be enough to combine the information with existing information, as a result the scammer may gain access to the intranet or user accounts.
2. What are the typical features of manipulation?
The most common features of manipulation are persuasion and reliability, which are used as approach tactics. It allows the victim to provide information that you would not otherwise provide. Emotional manipulation also attempts to make the victim feel pity, guilt, fear, or enthusiasm. As mentioned earlier the attacker has planned to contact, so their contact may sound credible for the basis of obtaining your information.
3. User manipulation tactics
Enticement
- The enticement is when the scammer entices you to do something, for example, to click on a link that interests you, or to insert a USB flash drive received in an envelope into your computer that could contain malware.
Cover story
- In such attack, an attempt is made to gather information from the victim under the guise of a cover story, such as an Internet survey. "Answer how big a carbon footprint you have?"
Phishing
- Information can be requested by email, text message or phone call, impersonating a genuine influential source such as a bank, courier company or a member of the management team.
4. Control measures
Calm down
- If the situation seems urgent or you are under pressure, it is important to stop for a moment to consider the next action. Scammers strive for urgency so you don’t have time to think about it thoroughly.
Check the spelling of the email
- Most of the fishing messages have been translated using a translation program. Therefore, there are typos in the text or the message is poorly written, which may indicate a scam.
What information does the contact have about you?
- When being contacted, it is a good idea to consider what information the contact has about you. If the contact person lacks the information he or she absolutely should have, it may be a scam.
Ask the contact to prove their identity
- As mentioned, social manipulation can take place in many different place. One example is when an unknown person tries to enter the building. Usually they carry stuff like ladder or boxes to confuse the victim to open them locked doors. Therefore, when necessary ask the contact to prove their identity. You can ask for the name, number of the supervisor and then make sure the information is correct.
Is the situation realistic?
- Realistic thinking means that you understand what could really be possible and why it would happen. If you receive an email with a Payroll Word file attached and you do not process anyone's payroll information in your work it is important to think about why that file should be sent to me? The same applies if your supervisor calls to ask you to do something surprising. Would my supervisor do that? Reflecting on the realism of the situation can help combat many such attacks.