Don’t Fall for It: Social Engineering and How Scammers Hack Your Brain

How to recognize, avoid, and beat the scams.

Think you're too smart to fall for a scam? Think again. Scammers aren't targeting your intelligence; they're targeting your humanity. I'll share the sneaky mind tricks they use every day and help you spot the red flags before it's too late.

You’ve probably heard the term social engineering. It’s behind almost every scam.

Social engineering isn’t about technology, trickery, or even intelligence or the perceived lack thereof; it’s psychology, pure and simple. It’s about pushing your buttons.

And we all have buttons to be pushed.

TL;DR:

Social engineering playbook

Scammers are experts at messing with your mind. They use fake urgency, pretending to be someone important, or scaring you to get you to act fast. When something feels off, slow down! Hang up if you must. The more red flags you spot, the more likely it’s a scam.

Social engineering

Social engineering is nothing more than manipulating you into doing something — perhaps something you wouldn’t normally consider doing — by exploiting how your brain works.

The techniques vary, but it generally boils down to pushing the right buttons in the right way at the right time. If they do that successfully, it’s possible to get you to do just about anything, whether it’s in your own best interest or not.

Fortunately, you can become more resistant to the mind games with a little knowledge. You can bring that awareness to bear whenever something seems even the slightest bit off.

Mental shortcuts

Your brain is busy all the time. That means it often looks for shortcuts to avoid working quite so hard.

For example, perhaps you get an email with your bank’s logo prominently displayed. Your brain relaxes a bit at the familiarity; it doesn’t feel as great a need to be suspicious, even though we know anyone can send you an email with your bank’s logo. Your brain has taken a shortcut.

If you come across something you already believe, or something new that confirms your pre-existing belief, your brain takes another kind of shortcut. If you already believe something to be true, your brain doesn’t spend extra effort confirming it yet again. This is known as cognitive bias.

If you’re busy, distracted, or stressed, your brain is much more likely to reach for a shortcut rather than think something through carefully. Scammers know this, and they’re more than ready to take advantage of it.

None of those things have anything to do with intelligence. They’re about being human. You’re not “dumb” if you fall for a scam; you’re human.

Scammers are highly skilled manipulators. They know your brain takes shortcuts, and they leverage that to try to scam you.

Fortunately, recognizing the techniques scammers use is a skill you can build.

Manipulation techniques

These are common techniques scammers use to manipulate you. Understanding and recognizing them makes you less vulnerable to their scams.

Scammers lie

This isn’t a technique as much as it is a characteristic of all scams, and I can’t stress it enough: scammers lie. They’ll say anything to further their story and sucker you in, whether it’s true or not.

I often hear stories from victims who end up defending themselves, or even the scammer, by saying something like, “But they said …” Indeed, they did say that, and it was a complete fabrication; a lie. You cannot believe anything a scammer tells you. Scammers use AI to lie in new, creative, and convincing ways; you can’t necessarily believe anything you read, hear, or see.

Urgency

Time pressure is at odds with critical thinking, and it’s a common sign that something might not be legitimate.

Anything with a deadline triggers our brains to prioritize that thing and to avoid taking the time to question it.

Examples are numerous. They include the email threatening you with online account closure if you don’t take some kind of immediate action, or the message that insists you pay a certain amount in “fees”, or “good faith”, or even an explicit “ransom” by a certain time, or the police will show up at your door and take you away.

Authority

We’re wired to respond to authority figures from childhood, and scammers love to turn that programming into something malicious.

Scammers often impersonate someone with power, from an IRS agent to your boss or some other respected figure. It’s not uncommon for the scammer to be so thorough that they’ll take on the persona of a real person. If you do try to investigate, the surface-level facts line up in the scammer’s favor. For example, a scammer could look up the name, phone number, and even badge number of a local police officer and then impersonate them. Any simple searches you do to confirm their identity could seem to confirm it.

Other examples include the infamous tech support scam, where scammers call and pretend to be someone from a respected company or agency.

Fear

Scammers play on your fears. Done well, this can trigger a deep-seated fight-or-flight response that once again bypasses your critical thinking skills.

Examples include emails claiming to have footage of you in a compromising position [1], arrest warrants in your name, heavy fines if you don’t take some kind of action, and more. In all cases, the fear of embarrassment or financial loss can drive you to take action you normally wouldn’t if you took the time to think about it carefully.

Reciprocity

Your brain is wired to return favors. Thus, a scam that offers you something first can create an implicit feeling of obligation or even comfort and familiarity.

Free trials, free computer scans, someone reaching out to help you with a problem you didn’t even realize you had — these are all designed to make you feel indebted to take the next step.

Guilt is also built on reciprocity. Romance scams are notorious for this. Scammers invest heavily to build a (fake) relationship with you, only to play the guilt card when you refuse their inevitable need for cash or question anything at all.

Trust

Most people let their guard down around people they like or corporations and brands with which they have an existing and good relationship.

Scammers impersonate whomever they can to get you to trust them. Examples include panicked calls from “grandchildren” in a pickle, fake Facebook accounts impersonating people you know, and, as always, email messages that claim to be from a company you know and do business with, and yet are anything but.

Social proof

When you’re uncertain about something or realize you don’t have enough information to make an informed decision, you often look to what others have done.

Scammers often use fake testimonials, manufactured reviews, and even fraudulent crowdfunding campaigns to make their efforts seem more legitimate than they really are.

Empathy

An entire class of scams is based on getting you to feel sorry for the scammer and take action to help them out. Whether posing as someone you know or not, they weave a story, often something that tugs at your heartstrings, in order to get you to help them — typically with cash.

A variation is a social engineering approach scammers use to perform SIM swap scams. They call your mobile provider and pretend to be you, telling a sob story about a lost device. When successful, your phone number (and everything associated with it) is transferred to the hands of the scammer. [2]

Additional signs

These aren’t as explicitly manipulative, but they are signs that something could be amiss.

  • Being instructed to pay via cryptocurrency or gift cards. Once payment is made, it cannot be recovered. This is almost always the sign of a scam.
  • Being instructed not to tell anyone. Besides the obvious “we need to keep this between us for security” or similar excuse, some scams go so far as to keep the mark on the phone the entire time the mark visits their bank and retrieves money to be given to the scammer.
  • Being instructed to install software or open an attachment or link. You could easily be installing malware, giving the scammer access to more than you ever realized.

All of these are frequent signs that someone is attempting to manipulate you into doing something that isn’t in your best interest.

Constructing a scam

It’s important to understand that scammers don’t use just one of the techniques I’ve listed. They layer the various techniques in ways that minimize the obviousness of each. Combined, they lead you down a path to disaster.

Take that email from your bank.

  • Authority and familiarity: the official-looking letterhead.
  • Urgency: you need to respond quickly or risk losing something important.
  • Fear: threatening you with monetary loss if you don’t respond appropriately.
  • Trust: it’s (supposedly) your bank, an institution you’ve probably been dealing with for years.

Each may not seem out of the ordinary enough to trigger red flags, but the combination is killer.

A scam by any other name would smell as bad…

If you pay attention to the patterns above, you might realize that everything I’ve described applies to something else that, while not technically a scam, often comes pretty darned close: marketing.

The techniques I’ve listed are often used when promoting presumably legitimate products and services. In fact, many of the best references on the topic of manipulation are resources created specifically for individuals and corporations trying to sell you something.

Inoculating yourself against scams will help you see through marketing hype as well.

Take a beat, not a beating

The single most important thing you can do is STOP and take a beat.

The single most obvious sign? Urgency. If you’re being pressured to do something quickly, or more quickly than you’re comfortable with, come to a complete halt.

Urgency is a big clue that you need to slow down and think things through carefully.

Review the list of techniques above. How many can you count in your current interaction? The more you recognize, the bigger the chance that it’s all a lie.

If the scammer claims to be from an organization you recognize or even do business with, then contact that business directly to confirm whatever the scammer claims is happening. Look up the phone number or website yourself. Never rely on anything the potential scammer offers. Remember: scammers lie.

Bounce it all off a trusted friend or family member. There’s no shame in asking for a second opinion, especially if it’s about to impact your life savings.

It’s OK to hang up. We’ve also been programmed to be polite, and that works against us when we’re in the hands of a scammer. Scammers don’t deserve it, and they’ll use it against us as much as they can. Hang up and verify through different channels to stay safe.

The red flag checklist

  • ☐ “You must act immediately.”
  • ☐ Request for gift cards, wire transfers, or cryptocurrency.
  • ☐ Unexpected and unsolicited contact from a company or organization you recognize (and even those you don’t).
  • ☐ Threats, particularly of financial loss or harm.
  • ☐ Pressure not to tell anyone else.
  • ☐ Offers that seem too good to be true.
  • ☐ Requests to download software or click a link.
  • ☐ Emotional appeals that feel off.

The more of these that apply, the greater the chance that you’re dealing with a scam.

Do this

Review the information above. With it in hand, you now have a toolkit you can apply to any potential scam, including those that haven’t been invented yet. People get scammed every day, but you don’t have to be one of them.

And remember, it’s a skill! Like any skill, it gets stronger the more you exercise it, and I encourage you to exercise it often. Certainly, we come across plenty of opportunities to practice this skill every single day.

Footnotes & References

1: Not that actual sexploitation doesn’t exist; it does. But these are scams, and nothing the scammers claim is true.

2: See if your mobile carrier supports something called a “lock pin”, which is additional security designed to prevent exactly this scenario.


Additional resources

Influence, New and Expanded: The Essential Guide to the Psychology of Influence and Persuasion in Everyday Life – Robert B. Cialdini, Ph.D.

CISA (Cybersecurity and Infrastructure Security Agency) – social engineering resources

FTC Consumer Information

Stanford Social Influence Lab – research on compliance and persuasion
