Many small businesses will enjoy success in 2024. That said, cybersecurity threats remain a grave risk and you can expect many businesses big and small to be targeted. Cyberattacks can result in leaked data, chargebacks, ransom payments, and more. It’s crucial that small businesses be aware of the threats and take steps to increase security. Even as technology evolves, old-fashioned social engineering will remain a favorite tool for fraudsters and a major risk for small businesses.
What is Social Engineering Anyway?
When you think of cybercriminals, you might think of someone hidden away in a dark room, poring over lines of code, looking for vulnerabilities. Certainly, these hackers exist, but in practice, many fraudsters skip code altogether and focus instead on social engineering. With social engineering, criminals use psychological tactics to get people to hand over login credentials, money, and more.
A fraudster might claim to be a representative from the Internal Revenue Service (IRS) and claim that a small business owner is behind on his or her taxes. Often, this fraud involves payment in gift cards, which are hard to trace and block. While the IRS will never demand payment in the form of gift cards, some folks fall for this tactic anyway, purchasing gift cards and handing them over to scammers.
Many fraudsters conduct social engineering via email, text messages, and other digital communication channels. A fraudster might email someone and claim to be a representative for a major merchant, like Amazon or eBay. Then, they’ll claim that there was a security breach, and the customer needs to hand over their login credentials to secure their account. If the customer takes the bait, the fraudster can take control of their account and may be able to make illicit purchases or transfer funds.
Sadly, in this case, a customer caused the breach, but it’s quite likely that merchants will bear the burden. If someone uses stolen credit card numbers that they got through social engineering to make an unauthorized purchase, a merchant may be hit with a chargeback.
AI Will Supercharge Social Engineering
Traditionally, social engineering has been a labor-intensive process. Writing up emails and messaging people takes a long time. Potential targets may ask questions that the fraudster may have to answer. Sometimes, the conversations end up being rather long and the conversion rate is ultimately quite low.
Artificial Intelligence is changing the dynamic, however. Just as legitimate companies can use chatbots to provide customer service, fraudsters can set up chatbots to perpetrate fraud. These bots can communicate directly with customers, answering questions, gathering data (like login credentials or credit card numbers), and otherwise pressuring people to slip up and fall for the scam.
This has made social engineering much easier to conduct on a mass scale. Even if the conversion rate is extremely low, say .001%, it could still turn out to be very profitable because much of the criminal activity has been automated and fraudsters can target a lot of people very quickly. For businesses, successful social engineering attacks can result in fines, civil suits, chargebacks, and various other issues.
Fraudsters Can Use Social Engineering in the Real World Too
With click-and-pick-up programs, a customer can make a purchase online, then stop by a store to pick it up at the curb or customer service counter. When used legitimately, click-and-pick-up programs reduce friction, making shopping easier and helping merchants drive more revenue.
Sadly, however, click-and-pick-up programs are being targeted by unscrupulous cardholders looking to commit first-party fraud. Fraudsters can make a purchase online, then pick it up in the store. However, if the store doesn’t verify and document the person’s identity and the fact that they received their purchase, the cardholder can contact their bank and ask for a chargeback, claiming they never got the goods. Without documentation and confirmation, it’ll be hard for a merchant to successfully contest a chargeback.
Another common tactic is for someone to approach a customer service department and claim that they bought something online and that they’re here for a pick-up. The fraudster hasn’t actually purchased anything but instead will try to get the customer service reps to hand over someone else’s purchase. Then the legitimate customer turns up to pick up their purchase only to find out that it has been given away. In these situations, they are going to demand a refund or replacement. They might also file a chargeback, especially if the merchant is balking at a refund or replacement.
Focusing on the Human Factor to Fight Social Engineering
People are the key component of social engineering. Fraudsters use basic psychological principles and various tactics to get someone to mess up. Then they can exploit that person or another party, like a small business owner. As such, it’s crucial for businesses and individuals to understand what social engineering looks like, how it is used, and how you can spot it. If employees at a store shut down social engineering attempts, it could save you from a lot of headaches. Proper training can go a long way.
Various tools can also help you combat fraud. For example, the right dispute management platforms such as ChargebackHelp can automatically gather data, which can then be shared with the bank that is considering filing the chargeback. If you can present compelling evidence, you might convince the bank to decline to file a chargeback or could win the resulting chargeback dispute. Ultimately, fighting chargebacks can be a boon for merchants, allowing them to recover revenue.