
Social engineering fraud

‘Social engineering fraud’ is a broad term that refers to the scams used by criminals to trick, deceive and manipulate their victims into giving out confidential information and funds.

Criminals exploit a person’s trust in order to find out their banking details, passwords or other personal data.

Scams are carried out online – for example, by email or through social networking sites – by telephone, or even in person.

Types of social engineering fraud

Social engineering fraud can be divided into two main categories:

  • Mass frauds, which use basic techniques and are aimed at a large number of people;
  • Targeted frauds, which have a higher degree of sophistication and are aimed at very specific individuals or companies.

While the scams themselves differ, the methods used by criminals generally follow the same four steps:

  1. Gathering information
  2. Developing a relationship
  3. Exploiting any identified vulnerabilities
  4. Execution

Among the well-known types of scam are:

Telecom fraud

  • Fraudsters obtain the phone number of an individual, often an elderly person, then call them pretending to be a family member or public service and claiming to be in urgent need of cash.
  • They ask for money to be deposited in a designated bank account or delivered by hand in order to settle a traffic accident claim, loan shark debt, or other pressing financial need.

Email scams

  • Pretexting involves creating a scenario to engage a targeted victim; for example, impersonating a bank manager or tax inspector to convince the target to share personal information such as account numbers or passwords. This type of scam requires the criminal to conduct research on the victim, in order for the story to appear plausible.
  • Phishing uses a more generic scenario which is sent to a large number of people in an attempt to draw in as many victims as possible. This is usually done by e-mail and appears as if it comes from a legitimate source which many people frequent, such as popular online shopping websites, e-mail companies or computer tech support companies. The same techniques can also be executed by phone (Vishing) or by text message (SMishing).

CEO fraud / Manager fraud

  • Fraudsters gather publicly available information – usually through the Internet – about the company to be targeted.
  • They find out details of the head of the company, and of those managers and employees who are authorized to handle cash transfers.
  • The criminals use this data to impersonate the head of the company and coerce employees into making an urgent and high-value cash transfer to a designated bank account.

Hacking of e-mail accounts

  • A cybercriminal hacks into an individual’s e-mail account and sends messages to their friends, relatives or colleagues claiming to be in trouble, for example, and needing money.
  • The recipient is unaware that the e-mail is not actually coming from the person they know, making them more inclined to assist – and thereby assist the criminal in gaining money or accessing their accounts.

Sweepstakes or lotteries

  • A person receives a message along the following lines: ‘Congratulations, you are the grand prize winner! To claim your prize, all you need to do is pay a processing fee so we can release your winnings.’
  • Very often, names of popular companies or organizations are misused to give the lottery a trustworthy impression.
  • Despite making the requested payment, the victims never receive the expected prize winnings.

Other techniques include:

  • Forensic recovery - Analysis of non-securely disposed materials (USB keys, hard drives);
  • Quid pro quo - Exchange of sensitive information under a misunderstanding;
  • Baiting - Leaving an infected storage device to be picked up and plugged into a computer;
  • Tailgating - Following someone to access secured premises;
  • Diversion theft - Redirecting a courier or transport delivery to another location.

News

01 August 2016

Ringleader of global network behind thousands of online scams arrested in Nigeria

20 June 2016

Criminal networks using stolen payment card data targeted in global operation

06 April 2016

Financial crime focus of Doha conference

31 March 2016

Coordinating efforts to better combat cybercrime focus of INTERPOL working group

17 December 2015

More than 500 detained in INTERPOL operation against telephone and e-mail scams

03 December 2015

INTERPOL training on detecting fake documents aims to enhance border security

25 November 2015

Experts gather at INTERPOL to identify emerging social engineering fraud techniques

18 November 2015

Indian prime minister and INTERPOL Chief discuss cooperation

18 November 2015

International cooperation on asset recovery the focus of INTERPOL-StAR conference

06 November 2015

More than 130 detained in global action tackling airline ticket fraud

02 October 2015

Identifying fake documents focus of INTERPOL and Frontex workshop

21 September 2015

INTERPOL training in Senegal tackles corruption and financial crimes

06 August 2015

Corruption and financial crime focus of INTERPOL training in Botswana

04 August 2015

Illegal online gambling in Asia targeted in INTERPOL operation

02 July 2015

Forensic document examination focus of Balkans INTERPOL training

29 June 2015

Global action against online air ticket fraudsters sees 130 detained

05 June 2015

INTERPOL group to field test new ink dating protocols to aid fraud and forgery investigations

02 June 2015

UK initiative underlines role of due diligence in securing official documents

19 May 2015

INTERPOL meeting in Bucharest to set the course for European security

30 January 2015

Estonia hosts INTERPOL workshop on anti-corruption and financial crimes

28 November 2014

Global action against online fraud in the airline sector nets 118 arrests

16 September 2014

International cooperation against counterfeit currency and travel documents focus of INTERPOL meeting

22 May 2014

Microscopic examination of security documents the central topic of INTERPOL meeting

30 April 2014

Criminal network involved in payment card scam dismantled with INTERPOL's help

If you receive an email from someone claiming to represent INTERPOL, requesting personal information or bank account information, you should ignore it and treat it as spam.
