The Daily Vantage

Cybercriminal groups like Scattered Spider are increasingly leveraging sophisticated tactics to exploit human psychology, targeting both corporations and individuals. The Federal Bureau of Investigation recently issued a warning about this group’s activities, particularly its focus on the airline industry. Known for orchestrating cyberattacks against major Las Vegas casinos in 2023, Scattered Spider relies heavily on “social engineering”—a method that manipulates people into divulging confidential information or granting access to secure systems.

According to the Cybersecurity and Infrastructure Security Agency (CISA), social engineering involves attackers using interpersonal skills to trick victims into revealing sensitive data. Once armed with such information, these criminals may impersonate trusted colleagues, vendors, or service providers to infiltrate an organization’s digital infrastructure. Specific examples of Scattered Spider’s techniques include posing as company employees or contractors to deceive IT help desks into granting unauthorized access or convincing support teams to add fake multi-factor authentication devices to compromised accounts.

However, social engineering isn’t limited to corporate environments—it also affects everyday individuals. Cybersecurity experts warn that certain populations are more vulnerable due to emotional or psychological factors. John Young, COO of Quantum eMotion America, explains that loneliness can make people susceptible to romance scams, while those seeking quick financial gains often fall for fraudulent investment schemes. Even tech-savvy individuals aren’t immune, especially when fear of missing out (FOMO) clouds their judgment.

These deceptive practices have become alarmingly common. Phishing via email, smishing through text messages, and vishing over phone calls are all forms of social engineering where scammers pose as banks, retailers, or customer service agents to extract personal details. Joseph Steinberg, cybersecurity expert and author of Cybersecurity for Dummies, notes that humans are naturally inclined to trust technology more than strangers in person. “If someone approached you on the street claiming your bank told them to reset your password, you’d be suspicious,” he said. “But if the same request comes from an email that looks legitimate, people might comply without verifying.”

Artificial intelligence has further complicated the landscape. Hackers now use AI tools to gather personal data, craft convincing messages, and even create deepfakes—synthetic media that mimics real voices, faces, or videos. Steinberg has witnessed demonstrations where scammers used AI-generated audio to impersonate a victim’s relative, begging for urgent financial help. “Every time I’ve seen it done, it works,” he admitted. “The technology is that advanced.”

To combat these threats, CISA recommends several preventive strategies:

• Limit personal information shared online, especially on social media.
• Verify unsolicited requests by contacting companies directly using official contact details.
• Use strong, unique passwords and enable multi-factor authentication wherever possible.
• Stay informed about the latest scam tactics and educate family members, especially children and elderly relatives.

Steinberg emphasizes the importance of establishing verification protocols within families. He personally uses a system where he asks his child for a specific piece of private information only they would know during unexpected calls. This simple step can thwart many voice-based social engineering attempts.

Ultimately, awareness and skepticism are key defenses. As Steinberg puts it, “The most important thing is to internalize the fact that you’re a target.” Young echoes this sentiment, teaching older adults to recognize modern scammers as the digital version of classic con artists—using persuasion rather than physical deception.

As cybercriminals continue refining their methods, staying vigilant and adopting a cautious mindset will remain essential in protecting both personal and organizational data.