Social Engineering: do you know how to spot a fraudster?
With emphasis being placed on data protection through the new GDPR laws, we want to help keep you safer online.
Do you know who you're actually talking to on the other end of the phone? Does an email or text message look genuine? Be vigilant. Thieves now have various clever ways to steal information for fraudulent purposes. These tactics are known as social engineering, and they are on the rise. Read on to learn how to protect your organisation from fraudsters.
What you need to know
Fraudsters use various techniques to get information, including:
Phishing – email
Smishing – text messages
Vishing – phone conversation
Phishing: Emails may create a sense of fear, urgency or opportunity to encourage recipients to click on a link or open an attachment that then infects their machine with a virus or malware. This then allows criminals to steal information or money and/or disrupt a computer system. While many fraudsters act randomly, some target specific groups of employees or customers. This is called spear phishing. One example is CEO fraud, where criminals impersonate senior executives and instruct colleagues to transfer money to them.
Another tactic is payment diversion fraud. Criminals will send an email claiming to be from a supplier. The email says the supplier's bank details have changed, so funds should be transferred to another account instead. Don't reply to these emails. Always take the extra step of verifying any requests through an alternative communication method.
Smishing: Text messages may claim that your bank suspects there has been fraudulent activity on your account, that you are in trouble with tax authorities, or that you have won some money. Smishing texts typically request urgent action, which often means clicking on a malicious link that in turn enables data theft. Spam filters stop many phishing emails from reaching inboxes, but no mainstream solution yet exists to prevent texts from reaching their intended target.
Vishing: Fraudsters will often create a sense of panic to get a quick response over the phone. They may pretend to be a colleague or a customer in a rush or requiring urgent assistance. Fraudsters may call you pretending to be from your bank. They may try to direct you to perform actions which would enable unauthorised payments to be sent to the criminal. This could include providing security codes generated from your token.
What you can do
It is important that you raise awareness of the potential impact of social engineering within your organisation, and implement a policy for reporting suspected cases.
Top tips to stay safe from social engineering:
Never share financial or company information with people you don't know
Don't be rushed into making a quick decision
Never click on links in text messages or emails, or open or download attachments, unless you are sure they are safe
Be careful about the information you share on social media as this can provide fraudsters with many small pieces of information that make a bigger picture
Always call phone numbers you know and have checked. If someone claims to be a colleague, check their name on your organisation’s staff directory and call them back on their internal telephone number
Under no circumstances will your bank ever ask you to divulge any of your security details over the phone, by text message or via email. If you are ever in doubt, contact your bank immediately to check the authenticity of incoming telephone calls, texts or emails.