Do not get caught by social engineering scams. It’s not just email. It could be SMS, phone calls or social media.
Social engineering is the name given to the techniques used by cybercriminals to manipulate or trick people into divulging confidential information, transferring money or downloading malware.
Social engineering scams can be elaborate and highly convincing. They often impersonate organisations you trust, like your bank or the police. They use snippets of information they know about you to make the scam more realistic.
Top tips to avoid social engineering scams
- never reveal confidential information such as your username, password, or PIN
- trust your instincts, if it does not feel right then it probably is not
- it's completely reasonable to verify the authenticity of a caller requesting confidential information for you:
- ask for the caller’s name and call back on the telephone number printed on the back of a bank card or on the organisation’s website
- call back from a different phone, such as your mobile or landline
- never open email attachments from unknown sources
- never click on links in emails, texts, or social media posts from unknown sources
- if you are unsure about a link in an email, you can roll your mouse pointer over it to reveal its destination, which is displayed in the bottom left corner of your screen; be careful if the destination is different from what you’d expect from the text of the link in the email
Remember a bank will never:
- ask for your full PIN
- ask for your full password
- ask you to transfer money
- send someone to collect your bank card