Manipulation of a person (Social engineering)
1. What is manipulation?
Manipulation of a person is a situation where an attempt is made to get a person to disclose data by manipulating them. There are many different ways, but the most common is when a scammer pretends to be, for example, an IT support representative or a co-worker. Scams can happen online, over the phone or face to face. What makes manipulation dangerous is that it is carefully planned. Usually, the scammer collects background information about the victim to make the contact as credible as possible. Then the scammer contacts the victim and tries to make the dialogue as credible as possible. Finally, once the victim has been persuaded to take the desired action, the fraudster commits the fraud. It is important to know that even a small amount of information may be enough for a scammer: combined with information the scammer already has, it may give the scammer access to the intranet or to user accounts.
2. What are the typical features of manipulation?
The most common features of manipulation are persuasion and an appearance of reliability, which are used as approach tactics. These lead the victim to provide information that they would not otherwise provide. Emotional manipulation also attempts to make the victim feel pity, guilt, fear, or enthusiasm. As mentioned earlier, the attacker has planned the contact, so it may sound credible as a basis for obtaining your information.
3. Tactics for manipulating a person
- Enticement is when the scammer entices you to do something, for example to click on a link that interests you, or to insert into your computer a USB flash drive, received in an envelope, that could contain malware.
- In another type of attack, an attempt is made to gather information from the victim under the guise of a cover story, such as an Internet survey: "Answer how big a carbon footprint you have?"
- Information can be requested by email, text message or phone call, impersonating a genuine influential source such as a bank, courier company or a member of the management team.
4. Control measures
Slow things down
- If you’re approached with an urgent request or feel pressured, it’s important to stop for a minute before you do anything. Scammers often try to create a feeling of urgency so you won’t have enough time to think things through.
Check the spelling of the email
- Most phishing messages sent in Finnish have been translated using machine translation. This often results in spelling errors and clunky sentences. This is often a sign that the message is a scam.
What information does the contact have about you?
- If you get contacted, it’s good to note what information the other person has about you. If they are missing a piece of information they should definitely know, this could be a fake contact.
Ask the contact to prove their identity
- As mentioned, social manipulation can take place in many different places. One example is when an unknown person tries to enter the building. Usually, they carry items such as a ladder or boxes to confuse the victim into opening locked doors for them. Therefore, when necessary, ask the contact to prove their identity. You can ask for the name and number of the supervisor and then make sure the information is correct.
Is the situation realistic?
- Realistic thinking means that you understand what could really be possible and why it would happen. If you receive an email with a Word file named "Payroll" attached and you do not process anyone's payroll information in your work, it is important to think: why would that file be sent to me? The same applies if your supervisor calls and asks you to do something unexpected: would my supervisor ask for something like this? Considering how realistic such situations are can help to prevent many attacks.
Created by Unknown User (kimmosv), last modified on 13.6.2022