How To Avoid Social Engineering Attacks!


When talking about online safety and security, ‘social engineering’ means the act of manipulating or tricking people into certain actions including divulging personal or financial information … a kind of confidence trick.


Social engineering exploits human nature and often plays on victims’ willingness to be helpful, or please others. It is a factor in many types of fraud.


Get started...

Always be wary of people requesting confidential or personal information by whatever means, however convincing they may seem.


Social engineering can be elaborate and is generally highly convincing, with approaches usually made by somebody you trust or somebody in authority. It is sometimes made more believable by snippets of information which the fraudsters already have about you.


Private individuals and businesses can both be victims of social engineering.


Examples of Social Engineering:

Responding to a fraudulent email claiming to be from your bank or credit card provider, a government department, a membership organisation or a website you buy from, telling you that you need to follow a link to supply some details – typically a password, PIN or other confidential information. This is known as phishing.


Supplying details to a fraudster who has phoned you claiming to be from your bank or credit card provider, or from the police and telling you there is a problem. They ask you to confirm confidential information in order to solve the problem. This is known as 'vishing'. They may even despatch a ‘courier’ to collect payment cards or other records from you, known as courier fraud.


Receiving a phone call from somebody claiming to be a legitimate support agent for your computer or software, and telling you that you have a technical issue. They sound genuine, so you give them your login details, which can result in fraud or identity theft. Alternatively you permit them to take over your machine remotely, resulting in them infecting it with a virus or spyware.


How to Avoid Social Engineering Attacks

Never reveal personal or financial data including usernames, passwords, PINs, or ID numbers.


Be very careful that people or organisations to whom you are supplying payment card information are genuine, and even then, never reveal passwords. Remember that a bank or other reputable organisation will never ask you for your password via email or phone call.


If you receive a phone call requesting confidential information, verify it is authentic by asking for a full and correct spelling of the person’s name and a call back number.


If you are asked by a caller to cut off the call and phone your bank or card provider, call the number on your bank statement or other document from your bank – or on the back of your card – but be sure to use a different phone from the one you received the call on. If you cannot access another phone, be sure to hang up for at least five minutes before you dial out, or call a friend (whose voice you recognise) before making another call.


Do not open email attachments from unknown sources.


Do not readily click on links in emails from unknown sources. Instead, roll your mouse pointer over the link to reveal its true destination, displayed in the bottom left corner of your screen. Beware if this is different from what is displayed in the text of the link from the email.


Do not attach external storage devices or insert CD-ROMs/DVD-ROMs into your computer if you are not certain of the source, or just because you are curious about their contents.