Social Engineering

Don’t get caught by social engineering scams. It’s not just email. It could be SMS, phone calls or social media.

Social engineering is the name given to the techniques used by cyber criminals to manipulate or trick people into divulging confidential information, transferring money or downloading malware.

Social engineering scams can be elaborate and highly convincing. They often impersonate organisations you trust, like your bank or the police, and use snippets of information they know about you to make the scam more realistic. 



How vulnerable are you to social engineering?

Do you think you are "Too Smart To Be Scammed?" Find out by taking the quiz!

Take the Fraud Defence Test - developed by the City of London Police - to discover your risk profile and find out how vulnerable you are to cyber, fraud and financial crime. 

 

Top tips to avoid social engineering scams 

  • Never reveal confidential information such as your username, password, or PIN
  • Trust your instincts – if it doesn’t feel right then it probably isn’t
  • It is completely reasonable to verify the authenticity of a caller requesting confidential information from you. Ask for the caller’s name and call back on the telephone number printed on the back of a bank card or on the organisation’s website. Call back from a different phone, such as your mobile or landline.
  • Never open email attachments from unknown sources
  • Never click on links in emails, texts or social media posts from unknown sources
  • If you are unsure about a link in an email, you can roll your mouse pointer over it to reveal its destination, which is displayed in the bottom left corner of your screen. Be careful if the destination is different from what you’d expect from the text of the link in the email.
Remember a bank will never:
  • Ask for your full PIN
  • Ask for your full password
  • Ask you to transfer money
  • Send someone to collect your bank card

What are the different types of social engineering?

What is Phishing?

Fraudulent emails that claim to be from your bank, credit card provider, a government department, or a popular website. A phishing email will try to tempt you to open an attachment, click on a link or divulge confidential information like a password or PIN.

Phishing scams often ask you to take urgent action, for example to log on to a website to avoid your account being suspended. Find out more about phishing.

Phishing is generally used to refer to emails, but phishing techniques can be used in text messages, social media posts and instant messages.

Scams targeted at a specific individual or organisation are known as spear phishing.


What is Vishing?

Telephone scams that claim to be your bank, credit card provider, police or another trusted organisation. Callers inform you of a problem, such as fraudulent activity on your account, and will typically ask you to confirm confidential information in order to resolve the situation. The scam may also involve courier fraud, where a "courier" is dispatched to collect payment cards or other records from you.

View the Royal Bank of Scotland's YouTube video on vishing.

Another vishing scenario is where you receive a call from someone claiming to be IT support for your computer or software. The caller may try to get you to divulge login details or to install malicious software.

What is Baiting?

USB sticks, memory cards, CD-ROM/DVD-ROMs or other storage media that have been purposely left lying around and contain malware.

What is SMSishing?

SMSishing is phishing using text messages. Scams can be very convincing and SMSishing messages can be made to appear like they have actually been sent from your bank.

You can protect yourself from SMSishing in the same way as you protect yourself against phishing.


Find out more

Phishing is the name given to malicious emails that try to trick you into revealing sensitive information. Phishing emails pretend to be from banks, online shops and other trusted organisations like PayPal or your email account. They usually try to get you to follow a link or open an attachment.

Find out more about phishing.

 

 
