The Top 3 Social Engineering Scams of All Time

The purpose of social engineering attacks is, basically, to gain the victim’s trust in order to steal data and money. Social engineering incidents often also involve malware, such as ransomware and trojans.

A scammer could call you on the phone pretending to be someone you trust, or send spam emails and texts. They will use psychological manipulation to get you to disclose your PII, including passwords and SMS one-time passwords. Under the guise of helping you, they try to get you to click on a link that will infect your device with malware or, worse, to download an app that allows them to take over your device and accounts.

Common social engineering or “phishing” scams involve an incoming call from a number that looks like your bank’s. They ask you to “confirm” your identity by sharing your PII, including one-time passwords.

Here are 3 real cases of social engineering to illustrate how creative these scammers can get:

Shark Tank, 2020

One of the Sharks, Barbara Corcoran, fell victim to a USD 400,000 phishing and social engineering scam in 2020. A cybercriminal impersonated her assistant, using an email address similar to her legitimate one, and requested a renewal payment for a real estate investment. The fraud was only uncovered after the bookkeeper sent an email to the assistant’s correct email address asking about the transaction.

Ethereum, 2017

In 2017, the Ethereum Classic website was hacked via social engineering. The hackers impersonated the owner of the Classic Ether Wallet, gained access to the domain registry, and then redirected the domain to their own server. They then extracted thousands of dollars’ worth of crypto from the victims after entering a code on the website that allowed them to view private keys that are used for transactions.

Sony Pictures, 2014

The government of North Korea targeted Sony Pictures through a spear phishing attack directed via fake Apple emails sent to Sony’s employees. Thousands of files, including business agreements, financial documents and employees’ information, were stolen.