🧠 “They Don’t Hack Systems—They Hack People: Real Stories of Social Engineering”

Ordinary people. Unbelievable scams. One common mistake—trusting too easily.

🖊️ SHUBHRA • 23 July 2025 • Cybersecurity & Human-Centered Threat Analysis

---

📖 The Stranger Who Knew Too Much

It was a typical Thursday morning.

Sunil, a 19-year-old student, was sipping tea and scrolling through memes when his phone rang.

“Hello, is this Sunil Sharma?”

“Yes, who’s this?”

“This is Priya from your bank. There’s been a suspicious login attempt from your account…”

The caller already knew his name. She sounded professional and even quoted the last 4 digits of his account number. Sunil trusted her.

Then came the fatal request:

“For verification, please tell us the OTP we just sent you.”

He read it aloud.

Minutes later, ₹19,000 vanished from his account.

---

🧠 What Is Social Engineering?

Sunil didn’t get hacked through software.

He got hacked through trust.

Social engineering is the psychological manipulation of people into giving away confidential information.

Attackers often impersonate authority, create urgency, or build false trust to deceive their victims.

---

🎬 Scenario 1: The WhatsApp OTP Scam

👨‍🦳 Meet Ramesh

A retired teacher. He got a WhatsApp message:

“Hi Uncle, I accidentally sent my OTP to your number. Please send it back 🙏.”

Seconds later, a real WhatsApp OTP arrived. Ramesh, thinking it was a mistake, shared it.

Result: He was logged out, and the scammer took over his account, messaging his contacts for money.

🔍 Why It Worked

• The message felt personal (“Uncle”)
• Seemed urgent
• He didn’t understand what OTP was for

---

🎬 Scenario 2: The Fake Job Offer Trap

👩 Meet Anjali

A college student who received:

“We’re hiring part-time: ₹10,000/week. No experience needed.”

She replied. A fake interview and offer letter followed.

Then they asked for a ₹250 “registration fee.”

She paid. They vanished.

🔍 Why It Worked

• It matched her needs
• Looked professional
• Fee seemed small

---

🧪 Common Techniques in Social Engineering

• Phishing: Fake sites/emails to steal data — “Reset your password here”
• Smishing: SMS scams — “Click to track parcel”
• Vishing: Voice-based scams — “We’re calling from your bank”
• Pretexting: Creating fake scenarios — “We’re tech support”
• Baiting/Traps: Leaving infected USBs or fake offers — “Download this free tool”
• Impersonation: Pretending to be officials, HR, relatives, etc.

---

🛡️ How To Protect Yourself

• ✅ Never share OTPs — No real service will ask for them
• ✅ Pause and verify — Call the official source
• ✅ Don't pay for jobs — Genuine jobs don’t charge
• ✅ Use MFA (Multi-Factor Authentication) — Especially for WhatsApp, email, social
• ✅ Educate family members — Elderly, teens, homemakers are often targeted
• ✅ Report scams — Call 1930 or visit: cybercrime.gov.in

---

💭 Final Thoughts

People are the first line of defense—and the most targeted.

Social engineering doesn’t need viruses. It needs your trust.

Stay alert. Spread awareness. Question everything.

---

✍️ Author’s Note

As we embrace the digital world, we forget that threats often wear familiar faces.

This blog was written to raise awareness, not fear.

If even one person pauses before clicking, questions an urgent request, or warns a friend—this effort succeeds.

— Shubhra (Cybersecurity Enthusiast)

🔐 Stay aware. Stay skeptical. Stay safe.

---

🗣️ Let's Talk!

💬 What’s your take?

Have you or someone you know faced something similar? Drop a comment. Let’s discuss and protect each other.

---

© 2025 Shubhra Safi. All rights reserved.