Social engineering is the act of manipulating or tricking people into taking certain actions, including divulging personal or financial information. Social engineering exploits human nature and often plays on victims’ willingness to be helpful or to please others. It is a factor in many types of fraud.
A few examples of social engineering techniques might be:
- A fraudulent email claiming to be from a bank, card provider, government department or other organisation, asking you to open a link to update details, such as giving a password.
- A phone call claiming to be from your bank or credit card provider, or from the police, telling you there is a problem. The caller asks you to confirm confidential information in order to solve the problem.
- A phone call from somebody claiming to be a legitimate support agent for your computer or software, telling you that you have a technical issue. They sound genuine, so you give them your login details, which can result in fraud or identity theft.
However, social engineering techniques are never the same and take many different forms.
How to Avoid Social Engineering Attacks
Never reveal personal or financial data including usernames, passwords, PINs, or ID numbers.
If you receive a phone call requesting confidential information, verify it is authentic by asking for the full and correct spelling of the person’s name and a call-back number. If a caller asks you to hang up and phone your bank or card provider, call the number on your bank statement or other document from your bank – or on the back of your card – but be sure to use a different phone from the one you received the call on.
Be very careful that the people or organisations to whom you are supplying payment card information are genuine. Remember that a bank or other reputable organisation will never ask you for your password via email or phone call. Equally, do not open email attachments from unknown sources. You can roll your mouse pointer over a link in an email to reveal its true destination, displayed in the bottom left corner of your screen. Beware if this is different from what is displayed in the text of the link in the email.
Do not attach external storage devices or insert CD-ROMs/DVD-ROMs into your computer if you are not certain of the source, or just because you are curious about their contents.