(NEXSTAR) – The Federal Bureau of Investigations issued a warning on Friday about Scattered Spider, a cybercriminal group now focusing on the airline sector. This group, also linked to cyberattacks on several Las Vegas casinos in 2023, frequently uses “social engineering” tactics. These tactics involve manipulating people to gain their trust for conducting the attacks.

The Cybersecurity and Infrastructure Security Agency (CISA) of the Homeland Security Department clarifies that social engineering attacks exploit human interaction skills to access or compromise data related to an organization or its computer systems. With this information, attackers may impersonate trusted individuals associated with the victim’s business to obtain further access, according to CISA.

Scattered Spider commonly employs social engineering tactics such as “pretending to be employees or contractors to trick IT help desks into granting them access.” They also may “convince help desk services to approve unauthorized [multi-factor authentication] devices onto compromised accounts,” the FBI reports.

But social engineering can take many forms — and target everyday individuals, rather than just corporations.

“Typically, the elderly are the most vulnerable to social engineering, but they’re not the only victims,” said John Young, a cybersecurity expert and the COO of encryption company Quantum eMotion America. “Lonely people fall prey to romance scams; those who want instant gratification are vulnerable to get-rich-quick ploys; and otherwise savvy people who have a fear of missing out can get taken by investment scams.”

These types of attacks are also incredibly common. Scammers often contact potential victims through emails and texts (aka phishing and smishing scams) or sometimes over the phone, perhaps posing as a bank or an e-commerce company, and asking the victim to verify their personal information or account passwords.

Joseph Steinberg, a cybersecurity expert and the author of “Cybersecurity for Dummies,” says these attacks exploit a weakness in the human brain.

“We’re not wired to perceive threats from far away. … To survive, for most of history, we didn’t have to worry about threats from someone invisible, 3,000 miles away,” Steinberg told Nexstar.

“But people have a tendency to trust technology more than other people,” he added. “If I walk up to you in the street, and I told you your banker told me you need to reset your password, you’d never trust me. But if you get an email from what looks like [a bank]? That could be different.”

It’s also getting harder and harder to differentiate social engineering attacks from legitimate interactions. Artificial intelligence has made it easier for hackers to both gather information on targets and carry out the attacks, as noted by the cybersecurity teams at such organizations as CrowdStrike, IBM and Yale University.

AI can even make it possible for bad actors to create deepfakes (i.e., synthetic photos, video or audio clips that appear nearly indistinguishable from authentic ones) to try and trick victims. Steinberg says he’s seen this tactic demonstrated over the phone, with scammers using deepfake audio to mimic the voice of a victim’s loved one asking for money or sensitive information.

“Every time I’ve seen it demonstrated it works,” he said. “The AIs are that good.”

CISA offers a number of tips for preventing the likelihood of becoming a victim of social engineering attacks, including limiting the amount of personal information you share online, or contacting a bank/company directly (using a phone number provided by the company’s official channels) after getting a suspicious email or text, to verify its authenticity.

Now that AI is in the mix, Steinberg also suggests coming up with a plan to verify the identity of their own family members — and most importantly their children — if they get a suspicious call from a person claiming to be a loved one.

“I’m … going to ask them some piece of information that only my child would know,” Steinberg said.

By understanding these tools, the likelihood of becoming a victim is at least minimized, if never completely eliminated.

“The most important thing is to internalize the fact that you’re a target,” Steinberg said. “If you believe that people may be trying to scam you, you just behave differently.”

Young, too, said a skeptical mindset is especially helpful for the vulnerable populations to adopt.

“I teach volunteer classes for AARP to older citizens, and when I explain that in the old days scammers were known as con artists, something clicks for them,” he said. “It’s true; the scammers of today are just another name for con artists who have been using persuasion and their social engineering skills since the beginning of time.”