A common social engineering trick can make you a victim of fraud
When someone tells you that you look familiar, how do you respond?
Because we want to be friendly and helpful, most of us will volunteer personal information as we try to figure out the connection.
Doing that may put us at risk of identity theft.
In a presentation on cybersecurity to the Central Florida Christian Chamber, information security expert Andrea Sherwood shared a wide range of strategies businesses and individuals can use to keep their data safe. Among other things, she talked about how sophisticated phishing and smishing (smishing is phishing via text messages) scams have gotten.
Another member of the audience, Connie Martin (author of The Art of Picking Up Dog Poop: Leading from the Middle), said that the “you look familiar” line is a common social engineering trick.
I had to look up the meaning of social engineering. I was familiar with the first definition (the use of centralized planning in an attempt to manage social change and regulate the future development and behavior of a society). I didn’t know about the second definition:
(in the context of information security) the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.
Later, Connie shared an eye-opening story with me. She was in an airport security line, chatting with the person waiting next to her, who told her she looked familiar.
“He learned where I went to school, where I had been stationed in the military, and the many places I had lived as I tried to make the connection for him,” she said. “It occurred to me as we left for our separate gates that he acquired quite a bit of information about me during that quick conversation that could later be used in nefarious ways.”
Connie says her standard response to the “you look familiar” line is now, “I get that a lot.” It lets her be friendly and still protect her personal information.
Of course, not everyone who tells you that you look familiar is a fraudster looking to collect information. Sometimes you really do look familiar and they’re genuinely trying to figure out if and how they know you.
For example, as an author and self-publishing consultant, I do presentations. When I’m one person in the front of the room, it’s logical that the members of the audience are much more likely to remember me than I am to remember them. But I’m not a highly-recognizable celebrity, so it’s not uncommon for me to simply look familiar to someone who has heard me speak and then sees me in another venue.
While Connie’s response is effective, it’s possible to engage further and still not reveal too much about yourself. Here are some techniques I use:
- Ask the person’s name. Don’t be embarrassed about admitting you don’t know who they are—if they’re truthfully saying that you look familiar, they’ve obviously forgotten your name, so you’re on equal ground. And if they don’t want to tell you their name, or they don’t give you their full name, that’s a red flag.
- Turn their questions around. If they ask what you do, answer in general terms and ask what they do. If they ask where you went to school, answer with something like, “Oh, it’s a long list. Where did you go to school?” If they ask about your kids, you can say, “They have forbade me to talk about them. How old are yours?”
- Be vague. If they ask where you work, give them a city, not the name of the company. And then ask them the same question.
- Ask for a business card. Tell them you’ll reach out if you can remember where you’ve met. You may or may not want to offer your own card—it’s a judgment call you’ll need to make based on the situation.
It’s also important to consider the circumstances when deciding how much information to share. You should definitely be more cautious when someone you don’t recognize approaches you in a public place than you would be if you’re at an industry conference where it’s likely that you really have met the person before.
What about when the situation is reversed and you see someone who looks familiar? By all means, speak to them—just do it in a way that demonstrates that you are honest and sincere.
- Say or Write What You Want, but Accept the Consequences - December 17, 2024
- Hourly Billing is Dying—May It Rest in Peace - December 11, 2024
- WriterWatch: A Cool New Tool for Authors - November 20, 2024