Beware of social engineering fraud
Published 16 January 2016 by Kyri Levendi
Fraud has been getting a lot more personal in recent years, with criminals using social engineering to dupe their victims.
When it comes to online security, we all know what we should and shouldn’t do: never give out our 4-digit PIN, have a strong password in place at all times and under no circumstances give out sensitive information like our banking details. But it can be hard to remember all of this age-old advice when we get an unexpected phone call, text or email that seems to be from someone who knows who we are.
This technique that fraudsters use to try to coax information out of you is known as ‘social engineering’ and it’s on the rise. To make sure you don’t get duped by this type of fraud, we’ve got a few helpful tips for you.
What is it?
Social engineering is essentially a way of manipulating an unsuspecting victim into taking an action that they would usually know not to take. This approach brings a more human touch to fraud, as the criminal often tries to build a rapport with their victim, getting them to like and trust them throughout the process.
Interpol, the international police agency, has identified social engineering fraud as one of the world’s newest fraud trends. There has been an increase in this type of fraud over the last two years, with 2015 seeing reported losses of £675m.
All fraudsters need to orchestrate this type of fraud is a willingness to call up their victims on the phone or contact them via email. They can gain access to a victim’s information by searching through their social media profile or hacking a company’s database.
Social engineering fraud can come in numerous forms – you may be called up on the phone by someone claiming to be from your bank (vishing), sent a text message (again supposedly from your bank) claiming that there’s been fraudulent activity on your account (smishing) or asked to give someone remote access to your computer over the phone to fix a virus (phishing).
No matter what form you encounter it in, you should always remember the following tips:
• Never, under any circumstances, give out sensitive information over the phone, via text or email. This includes your 4-digit PIN as well as your passwords and usernames.
• Remember that your bank or any other reputable organisation, including thinkmoney, will never ask you for your PIN or online password over the phone.
• If the caller asks you to put the phone down and ring them back on the number on the back of your card, if possible, use another phone to call them back. If this option isn’t available to you, wait for five minutes or longer before you make the call – this will ensure the call has been disconnected.
• If you receive an unsolicited email, do not open any of the email attachments or click on any of the links. If you receive a suspicious-looking email from someone that you know, verify that it’s them before you continue. Roll your mouse over the link to show its real web address, which will show in the bottom left-hand corner of the screen.
• Your bank or account provider will never ask you to give out sensitive information (e.g. your PIN or password) via text. They’ll also never ask you to update personal details by following a link in a text or send you a text message asking you to transfer money to a new account due to fraud.
• A legitimate company like Microsoft will never call you out of the blue and ask to take control of your computer in order to fix a problem or download software.