What’s a hack, and what’s a scam? People use these words interchangeably, but they’re actually not the same.
A hack is when someone gains unauthorized access to a computer system, network, or data. It’s about exploiting vulnerabilities in software and hardware, usually to gain information; sometimes the goal is money, but usually not. It’s the data they’re after. And hacking requires technical skill, the kinds of skills that most of us don’t have.
Hackers generally target companies that store vast quantities of information about lots of people, because that’s where hackers are going to get the most bang for their buck. They’ll steal stuff like people’s credit card information, social security numbers, and even their medical history. But they don’t necessarily do anything with this information themselves.
A scam, on the other hand, is about deception. It’s when someone manipulates a person or an institution into giving up money. And scammers sometimes use information they get from hacks to make the con happen. The only skill required to be a scammer is to be a smooth talker, and that doesn’t require years of technical training.
Social engineering: the in-between
In the middle ground between hacks and scams we have social engineering, when a hacker or scammer tricks a person into giving up sensitive information, usually by impersonating someone they would ordinarily trust.
Two of the most common flavors of social engineering are phishing and baiting. Phishing is when you get an email pretending to be from a legitimate company, with a link that sends you to a fake website, or initiates a download of malware. If it’s a fake website, they want you to enter your password for the real website, or personal information like a social security number or credit card number.
Baiting is when the email offers you a prize, something valuable like an iPad or a laptop, to get you to click the link and go to some website. But you find that before you can claim the prize, you have to enter your name and address, and pay a small shipping fee, so please enter your credit card number. And then you find out you didn’t really win the prize, you were entered to win a prize. But can we offer you some magazine subscriptions or maybe some Viagra or something? Doesn’t matter, we’re going to charge them to your credit card anyway, because some percentage of people won’t notice the charge in time to get it reversed.
Both phishing and baiting can also extend to messages received on your phone: a message telling you that a package has been held up at the postal service, or that the fraud department at your bank has detected some fraudulent activity, or that you’re being offered a nice easy high-paying job, or that you have a toll or unpaid taxes to pay, or any number of other kinds of messages designed to get you to act quickly.
These examples are more like scams, because they’re about getting people to do things. If you give up your information willingly, but under false pretenses, that’s a scam. Where social engineering crosses the line into hacking is when it’s used to gain access to large bodies of information through exploitation of hardware and software.
As for the difference between hacks and scams, an easy shorthand is to think of a hack as an attack on software that requires skilled technical expertise, and a scam as an activity that convinces someone to do something, like give up a password.