Social engineering awareness

by Mark Rowe

Get Safe Online, the UK information service on internet safety and security, is raising awareness of ‘social engineering’ scams through videos offering advice and tips.

A type of confidence trick, social engineering is the use of deceit to manipulate or trick victims into certain actions including divulging personal or financial information. Examples include phishing emails and fraudulent phone calls asking for personal or financial information – known as vishing – or phone calls from fraudsters impersonating computer technical support agents.

According to FFA UK, about 23pc, nearly one in four, of people in the UK have received a cold call requesting personal or financial information, potentially putting them at risk of becoming a victim. In the first five months of this year alone, some of the UK’s main high street banks have reported losses of over £21m from vishing attacks on their customers, with over 2,000 vishing attacks resulting in an average loss of over £10,000 per victim.

Social engineering exploits human nature and plays on victims’ emotions, such as the wish to protect themselves, their family and finances, to gain something of advantage, or to please others. It is a factor in many types of fraud.

Tony Neate, Chief Executive of Get Safe Online, says: “It’s important that the public are aware of what social engineering actually is, as there are so many types which can lead to the theft of your money or identity. It can be easy to fall prey to social engineering, as schemes can be elaborate and highly convincing, with approaches usually made by somebody you think you should trust or appears to be in authority. It’s not just individuals who are likely victims, it’s also businesses. We hope that by raising awareness of how to avoid becoming a victim of social engineering through our online videos and activity with our partners, we can help prevent it from happening to others.”

Alasdair MacFarlane, Head of Customer Security at NatWest, says: “NatWest are committed to providing safe and secure banking alongside an excellent level of customer service. Fraudsters are always looking for new ways to gain access to money which is why we offer our customers a Secure Banking Promise, as well as lots of advice on our website to help them avoid falling victim to a scam. We’re delighted to be working with Get Safe Online in raising awareness on this important issue.”

Dawn Cornwall, Fraud and Security Manager at Lloyds Banking Group, says: “At Lloyds Banking Group we are committed to making sure our customers’ Internet Banking experience is as safe as possible. We use cutting edge technology to protect their personal information and privacy. We also have our online guarantee in place if a customer experiences fraud in Internet Banking and a wealth of advice and guidance on our websites. We are really pleased to be working with Get Safe Online on the Social Engineering campaign.”

And Alex Grant, Barclays Managing Director of Fraud Prevention, says: “We’ve seen from our own interaction with customers who have fallen victim to social engineering frauds that the loss of hard earned savings causes great emotional distress, as well as having a significant financial impact. This is why raising awareness about social engineering scams and protecting customers from fraud is one of our highest priorities. Barclays fully endorses this awareness campaign and are pleased that our sponsorship of Get Safe Online is helping provide consumer education and promote awareness of scams such as these.”

The Head of the NFIB and Action Fraud, Detective Superintendent Peter O’Doherty, says: “The face of crime has significantly changed in recent years, with much of today’s offending being conducted not face-to-face but over the phone and through a computer. People need to be aware there are ruthless, calculating criminals using social engineering scams to obtain personal and financial information that makes them a profit and individuals and businesses victims of crime. This multi-media Get Safe Online campaign will shine a light on these practices and help the public know when they are being targeted and the best ways to protect themselves.”

Some tips

Getsafeonline.org offers tips on avoiding becoming a victim of social engineering:

Always be wary of people requesting confidential or personal information by whatever means, however convincing they may seem.
Never reveal personal or financial data including usernames, passwords, PINs or other forms of ID.
Be very careful that people or organisations to whom you are supplying payment card information are genuine, and then never reveal passwords. Remember that a bank or other reputable organisation will never ask you for your password via email or a phone call.
If you receive a phone call requesting confidential information, verify it is authentic by asking for a full and correct spelling of the person’s name and a call back number.
Check the number matches the contact number on the relevant website. Even then, the criminal may have used special software to display the authentic number.
If you are asked by a caller to end the call and phone your bank or card provider, call the number on your bank statement or other document from your bank – or on the back of your card. However, be sure to use a different phone from the one you received the call on, to ensure that a fraudster is not still on the line by having kept the call open. If you cannot access another phone, be sure to hang up for at least five minutes before you dial out, or call a friend (whose voice you recognise) before making another call.
Do not open email attachments from unknown sources.
Do not readily click on links in emails from unknown sources. Instead, roll your mouse pointer over the link to reveal its true destination, displayed in the bottom left corner of your screen. Beware if this is different from what is displayed in the text of the link from the email.
Do not attach external storage devices or insert CD-ROMs/DVD-ROMs into your computer if you are not certain of the source, or just because you are curious about their contents.

About Tony Neate

In a 30-year police career he was responsible for industry liaison within the National Hi-Tech Crime Unit, remaining there when it became a part of SOCA (now the NCA). He retired from the police in 2006 and took up his current position.

For more advice on how to avoid this type of fraud, visit www.getsafeonline.org/socialengineering.

Visit also – http://www.cityoflondon.police.uk/advice-and-support/fraud-and-economic-crime/nfib/nfib-news/Pages/social-engineering.aspx
