How Identity Thieves Use Social Engineering

Posted on


Social engineering is an identity theft technique where the attacker uses human interaction to manipulate you into disclosing information. People are wired to trust, and social engineering exploits this human tendency.

Once criminals trick you into divulging your vital information, they can use it to impersonate you and commit identity theft and fraud. Criminals use a variety of social engineering attacks to attempt to steal your information.

Here are the most common:


Ghosting is the act of stealing the identity of a deceased person. Criminals steal the identity of dead people because most of the time, there is no one to report the crime. When there is no surviving family to report the identity theft, this crime can go unnoticed for years.

As long as a dead person’s social security number is active, a fraudster can use it to rack up new debt.

It becomes even easier when the deceased did not have an open credit report.  This is because the fraudster can now use synthetic identity theft techniques. Synthetic identity theft is a type of identity theft where fraudsters use fictitious information to create a fake identity. They can use a combination of real and fake information to create a new identity.

For identity thieves to be successful in stealing a deceased’s identity, they have to do it soon after death. Therefore, it’s essential to place a ‘deceased’ note on your relative’s credit report as quickly as possible.


Phishing is a social engineering attack that uses a fraudulent website to lure internet users into providing their personal information.

Although phishing is commonly done through emails, it can happen in any web page as long as you fall for the landing page. For instance, a criminal can set up a phishing website that mimics your email login page. Once you enter your login details, the attacker records it and uses the information to access your email.

The criminal then changes the passwords and locks you out. With your email, it becomes easier to log into other services you use, or gather the personal information of people in your close circles.


Smishing is similar to phishing except in this case, the fraudster’s tool is a text message instead of a fake website. The criminal often impersonates a business or organization that the victim has an account with. Most Smishing messages are crafted to create anxiety and push victims into clicking on a hyperlink, which leads them to a phishing website.

It’s easy to avoid becoming a victim of Smishing because it’s obvious from the get-go. Most trusted businesses do not communicate through SMS messages and they rarely ask for sensitive information through the phone.

You can also make it a habit to type out URLs into the address bar of your computer instead of clicking on a link.

Fake employment

In this type of social engineering, the fraudster poses as a potential employer and sends out invitations for people to apply for a job. In most cases, the jobs offer relatively high pay and require some skills that almost anyone has.

If you fall for this, you send in your resume with all or most of your personal details and hope to get an interview.  The fraudster gathers your information and uses it to commit identity fraud.

This approach is also used with fake loan offers.  The fraudsters induce you to believe that you will qualify for a loan and all you need to do is verify your identity. The fraudsters can either obtain the information personally or through the use of a honey-pot website built for the scam.

These types of social engineering work by exploiting desperation. When you are jobless and pressed for cash, it easy to fall for such traps. You should therefore take time to double-check an offer before you provide any information. Also, check to see if the business hiring or offering a loan is an actual business, and confirm that they are indeed hiring.

Final word

These are just a few of the social engineering tricks that identity thieves use to trick you into providing your personal information. What is more, these tricks are all open to interpretation in the eyes of identity thieves. Once they gather a bit of background information, they can device new ways of tricking you into giving out your information. Here are five tips to help you prevent social engineering.




Continue reading