The Truth Behind Social Engineering 3/3

Time to read
3 minutes
Read so far

The Truth Behind Social Engineering 3/3

Fri, 03/23/2018 - 15:03
Posted in:

There is a known phenomenon in the US regarding phone calls relating to IRS where callers alert individuals that they supposedly owe money to the IRS or their State Government.

If you missed part one and two you are going to want to read it before reading this one. I started writing about social engineering and below is the final installment part III.

There is a known phenomenon in the US regarding phone calls relating to IRS where callers alert individuals that they supposedly owe money to the IRS or their State Government. However, the call is not legitimate, it is an intentional fraud attack via telephone, or through the internet via email, both operated by social engineering methods. They will say your name, address and other personal information to gain your trust but trust me, it isn’t real!

Whatever you do don’t pay them!

A small and perhaps enlightening tip on this topic: the IRS, or any State tax collector, does not make telephone calls to tax payers; they send official Notifications in the mail regarding back taxes and overdue.  They will suggest ways to pay off your back taxes owed, all in written form sent via the USPS, whether it be for you to call their 800 number, for you to schedule a personal appointment at their office, or penalties with methods such as wage garnishments, freezing bank accounts, etc…  

[Cyberhub Summit Coming to Austin, Tx | May 3, 2018 - Cyber Security education for executives and business owners, Exclusive Dinner and Powerful Networking. | Get the latest from Cyberhub Summit by signing up for their newsletters. ]

Never, ever, do they collect money over the phone!  Therefore, this type of phone call should immediately put you on high alert and you should understand the risks by continuing to indulge in this type of call.

When someone calls you to tell you a story that you owe money for Income Tax, to government authorities, banks or any other organization, and this is a story that does not reflect your financial past, do not give the person you are speaking with any details at all. Instead take these few steps to verify someone’s identity  

  1. Who is calling me, name and last name?
  2. What is his role with force and where is he located?
  3. Ask them for their email address and ask to communicate via writing. Most banks and government agencies do that before ever calling you.
  4. Ask for a telephone number to get back to him and ask to get back to him only after checking out the phone number, do a google search or go to the website and check if the number is the same. If it isn’t you were being scammed.

Don’t be afraid to act assertively if needed, everything is in order to protect your privacy.

If you are a secretary or director of an organization this rule applies to you very much.  If people ask to speak on financial matters, budgets or clarification of any organizational information, you need to understand who they are and where they are from and what their final objective is before you continue with them in any process. It’s possible to ask for this information in a relaxed way and formal way.

When you make use the Google Chrome browser it is recommended to pay attention to the warnings appearing there such as “a fraudulent site in front of you”.  

This is a warning presented by Google when the Google browser identifies social engineering material presented on the site you entered.

There are fishing sites, sites whose entire purpose is to deceive users and to cause them to reveal their personal information such as passwords, email addresses, telephone numbers, and other details…

Social engineering can even appear in content embedded within certain sites, that is to say the site hosting you can contain pop-up windows asking you to leave regular personal details such as your name and email, or to reveal more in-depth personal details. Do not fill out these details before you have checked why this is relevant.

  1. Stay updated with hot trends of the hacker world. I recommend registering to my blog for the most up to date hacker information. (Shameless promotion I know)
  2. If you work in a large organization, ask your IT department for any cyber threats warning out there. Most companies have this available and the IT department will gladly let you in since this helps them do their job better.

In short, Social engineering is a very severe threat but it can be addressed by paying attention, using common sense and understanding if it’s too good to be true or too bad to be real it probably is.

For questions please email]

Karin Zalcberg

By Karin Zalcberg on 3/23/18

Article first reported at CyberHub Summit