Social engineering fraud
‘Social engineering fraud’ is a broad term that refers to the scams used by criminals to trick, deceive and manipulate their victims into giving out confidential information and funds.
Criminals exploit a person’s trust in order to find out their banking details, passwords or other personal data.
Scams are carried out online – for example, by email or through social networking sites – by telephone, or even in person.
How can I protect myself?
Remain vigilant and take the time to assess any emails you hadn’t expected to receive. Carefully check the sender’s email address and any URLs, and check the authenticity of the information against an official source.
If you receive a message you weren’t expecting (even if it appears to be from someone you know), or you get an offer that seems too good to be true:
- Do not open any attachments;
- Do not click on any links;
- Do not reply;
- Do not send any money;
- Do not send identification documents – not even copies;
- Do not give details of your bank accounts or payment cards;
- Report the message as spam through your internet supplier then delete it.
Likewise, if you receive a phone call you don’t feel comfortable with, do not give any information and end the conversation.
You can also protect your PC and other devices by setting spam filters to the highest level, installing firewalls and anti-virus software, and keeping them up to date.
In addition to the steps described above:
- Develop a guide for the handling of sensitive information within your company;
- Train your staff on how to recognize the different types of fraud;
- Conduct intrusion tests to identify your vulnerabilities and strengthen your security;
- Establish relationships with law enforcement and appropriate agencies in order to keep updated on the latest trends in social engineering;
- Make sure that any financial transaction requires more than two authorized signatures from your company before being accepted by your bank;
- Have a point of contact at your bank who is familiar with the transfer destinations of your company funds (and who can therefore detect any suspicious requests).
If you receive an email from someone claiming to represent INTERPOL, requesting personal information or bank account information, you should ignore it and treat it as spam.