Episode 4: Social Engineering – Baiting, Scareware and Pretexting


2020 saw a number of catastrophic data breaches affect some of the world’s largest companies, from live-streaming website CAM4, in which 10.88 billion records were exposed, to the Thai cell network AIS, which suffered a huge data leak in which 8.3 billion logs of customer data became exposed.

In the US, data breaches fell to an estimated 1.1 billion in 2020. It is predicted, however, that the number of data breaches in the US will rise to over 1.4 billion in 2021.


Baiting, Scareware and Pretexting

With the migration of much of our lives into the digital world, we can be involved digitally in events on the other side of the world! For example, in 2021 it was possible to watch a volcano erupting in Iceland or in the Canary Islands live!

We also can shop for everything without even leaving the comfort of our homes.

This increased digital presence brings many more security issues for us to be aware of, including baiting, scareware and pretexting.

Baiting isn’t a new tactic. It has been used for years, and now it has gone digital. In the old days it may have involved an ad in a catalog or junk mail showing a picture of a wonderful prepaid vacation. You pay money for a vacation that was pitched to you, and when you get there, it is not what was advertised.

Now you may get an email that offers something amazing, but when it comes in the mail, it is a cheap imitation of what you were expecting. One example of this was on an episode of a TV court show where a lady thought she purchased a phone, but what was shipped was just the photo of the phone. The defendant was accused of baiting people to bid on a phone, when the description did say it was just a photo of the phone that was on offer.

With an online transaction it is VITAL that the consumer read all of the fine print. While the defendant lost in the case mentioned above, it was a long process for the plaintiff to get her money back.

Scareware is a type of malware that attempts to scare a user into clicking a link or calling a phone number. Sometimes these tactics say your bank account has been compromised, or you will be arrested if you don’t reply. The scammers know that any response will open the user up to be scammed.

Another example is a website pop-up that blocks your screen with a phrase like “Your computer is compromised, click here to resolve the issue” or “Call this number for tech support.” It may even seem like you can’t close the webpage or pop-up. What can you do? The best advice is DO NOT CLICK THE LINK OR CALL THE NUMBER. If you click or call, a website or person will often ask you to allow them access to your computer, and they will work their magic, and ta-da, your computer will be all better, for a small price of $1400.00 or some other amount.

Here is a tip. If you can’t get a browser window to close in Windows, press Ctrl+Alt+Delete, and when the menu comes up select Task Manager. It will open to a window listing the programs that are active. Highlight the browser that is frozen. At the bottom of the Task Manager is an End Now button that you click to close the highlighted application.

Pretexting is when someone poses as someone else to get information. This can be digital, in an email or on a false website. It can also be physical: a person knocking on your door pretending to be from any company. Digital pretexting can be a person emailing you regularly saying they are one person and then, after taking time to get to know you, asking for money or other information.

Social engineering tactics all play on our cultural expectations, our trust level and our vulnerabilities. Be careful who you give information to!

Be safe out there!
