All news
Cyber expert Shutov: most often, scammers play on the user's fear
Vasily Shutov, a lecturer at the KB-1 Information Security Department at RTU MIREA, explained that social engineering is a cyber fraud tool that is actively used by criminals for financial fraud, data theft, and gaining unauthorized access to systems and confidential information. I am talking to RT.
"It involves using various psychological methods of influencing people, including with the help of modern technologies. Unlike traditional cyber threats, such as viruses or hacker attacks, social engineering exploits human weaknesses, not software or hardware vulnerabilities," the RT source warned.
Shutov noted that this is especially dangerous because even the most advanced technological security measures are useless if a person voluntarily provides access to confidential data.
“In most cases, scammers take advantage of fear, the user’s desire to help, or an urgent need to resolve an important issue,” the analyst added.
According to him, one of the most common methods of social engineering is phishing.
"It consists of attackers sending fake emails or messages that mimic trusted sources, such as official websites or social media communities. The goal of phishing is to trick users into providing personal data, such as passwords, credit card numbers or contact lists," the expert said.
Phishing attacks often disguise themselves as urgent or important messages in order to trick users into feeling the need to respond urgently.
"For example, your bank may send you a letter asking you to update your security data, or you may receive a letter asking you to participate in a lottery. There is also voice phishing. This is when a fraudster calls and introduces himself as an employee of a financial institution, a government agency, the head of the company's HR department, etc. However, often the attackers do not even need to personally communicate with the user. It is enough to send fake messages, notifications and advertisements," the expert said.
Another social engineering method is pretexting, where attackers create false pretexts to obtain information, Shutov explained.
"Unlike voice phishing, which typically occurs via phone calls, pretext can involve many forms of communication, including email, face-to-face meetings, and even the use of fake documents. Fraudsters collect user data from open sources and social networks and use it to trick these users into providing confidential information, transferring money, and providing access to personal accounts," he noted.
Social engineering can also involve actual physical access to documents or equipment, he said.
"In these cases, fraudsters pose as employees and technical experts of various companies or government officials, using fake IDs, uniforms and other characteristics that catch people off guard. Social engineering can be used not only to steal a person's identity and money, but also to carry out more complex cyber attacks, such as introducing malware or gaining control over confidential systems. This makes social engineering one of the most dangerous cybersecurity threats," the expert concluded.
As previously reported, from January 1, 2025, large banks will have to enter fraudsters' data into their systems to combat suspicious transactions.