Social engineering fraud

‘Social engineering fraud’ is a broad term that refers to the scams used by criminals to trick, deceive and manipulate their victims into giving out confidential information and funds.

Criminals exploit a person’s trust in order to find out their banking details, passwords or other personal data.

Scams are carried out online – for example, by email or through social networking sites – by telephone, or even in person.

How can I protect myself?


Remain vigilant and take the time to assess any e-mails you hadn’t expected to receive. Be sure to check carefully the sender’s email address and any URLs, and check the authenticity of the information against an official source.

If you receive a message you weren’t expecting (even it appears to be from someone you know), or you get an offer that seems too good to be true:

  • Do not open any attachments;
  • Do not click on any links;
  • Do not reply;
  • Do not send any money;
  • Do not send identification documents – not even copies;
  • Do not give details of your bank accounts or payment cards;
  • Report the message as spam through your internet supplier then delete it.

Likewise, if you receive a phone call you don’t feel comfortable with, do not give any information and end the conversation.

You can also protect your PC and other devices by setting spam filters to the highest level, and installing firewalls and anti-virus software – and keeping them up-to-date.


In addition to the steps described above:

  • Develop a guide for the handling of sensitive information within your company;
  • Train your staff on how to recognize the different types of fraud;
  • Conduct intrusion tests to identify your vulnerabilities and strengthen your security;
  • Establish relationships with law enforcement and appropriate agencies in order to keep updated on the latest trends in social engineering;
  • Make sure that any financial transaction requires more than two authorized signatures from your company before being accepted by your bank;
  • Have a point of contact at your bank who is familiar with the transfer destinations of your company funds (and who can therefore detect any suspicious requests).
08 December 2017

Enhancing border security by detecting illicit travel documents

06 November 2017

INTERPOL meeting tackles social engineering fraud

12 July 2017

INTERPOL Dialogue unites public and private sectors to combat cyber and financial crimes

13 June 2017

153 detained for ticket fraud following worldwide law enforcement operation

26 May 2017

Fake document detection training by INTERPOL enhances security in Americas

13 May 2017

INTERPOL and China to explore areas for strengthening security and policing capabilities

23 March 2017

INTERPOL training on fake document detection to boost security in Southeast Asia

10 March 2017

INTERPOL programme to combat financial crimes in forestry sector launched in Indonesia

10 February 2017

Combating money laundering and terrorism financing in West Africa

07 February 2017

INTERPOL and IACA unite efforts in combating corruption

20 January 2017

INTERPOL launches new project targeting African-Asian wildlife crime links

16 January 2017

Digital currencies and money laundering focus of INTERPOL meeting

04 November 2016

Fake document detection focus of INTERPOL training

12 October 2016

INTERPOL training in West Africa to combat money laundering and terrorism financing

28 September 2016

Identifying cybercriminals at core of INTERPOL-Europol conference

08 September 2016

INTERPOL strengthens cooperation in combating corruption in Africa

01 August 2016

Ringleader of global network behind thousands of online scams arrested in Nigeria

20 June 2016

Criminal networks using stolen payment card data targeted in global operation

06 April 2016

Financial crime focus of Doha conference

31 March 2016

Coordinating efforts to better combat cybercrime focus of INTERPOL working group

If you receive an email from someone claiming to represent INTERPOL, requesting personal information or bank account information, you should ignore it and treat it as spam.

Questions and answers