International Fraud Awareness Week is an initiative that promotes a global effort to minimise the risk of fraud through awareness and education. This year the initiative is taking place between the 14th and 20th of November. The main purpose of the initiative is to encourage businesses to be more proactive and train their employees. As well as professional awareness, it extends to our personal lives and everyday occurrences.
Since the pandemic began, our activity online has significantly increased. We have become more reliant on technology than ever before. This increase in activity has resulted in more attacks by cybercriminals. As technology has advanced, so has cybercriminals' access to resources. Their methods are becoming increasingly sophisticated, so it’s important to keep up to date with the changes so that you don’t fall victim.
In this blog, we will be discussing the most common form of online fraud, which is social engineering. We’ll cover what it is, the most common ways that it is carried out, and the steps you can take to ensure that you know how to spot a scam.
What is Social Engineering?
Social engineering is a manipulation technique where an attacker uses a pretense to convince victims to share sensitive personal information.
Social engineering relies on actual communication between the attacker and the victim whereby the attacker will motivate the victim into compromising themselves. Once the attacker has been successful in doing so, they can expose personal data, infiltrate the user’s accounts with malware infections and gain access to their restricted systems.
When attackers have conversations with victims, they gain an understanding of the motivations of the users’ actions which enables them to create a plan on how to deceive and manipulate the user effectively.
Let’s look at some of the common methods that are used by social engineering attackers.
Common methods used by social engineering attackers:
The most common method that most individuals will be aware of is Phishing Attacks.
The term phishing is mainly used to describe attacks that arrive by email. These emails are created to look like they have come from a trusted source.
Some of the most common examples that you may see are emails claiming that they are from HMRC or TV Licensing.
Sometimes it may be difficult to determine whether an email is a phishing one just by looking at the content, because some of them are very well copied, but there are things you can look out for that will confirm whether it should be trusted or not.
How to spot a phishing email:
Always look at the sender's email address. These are usually spelled incorrectly or come from addresses that are completely unrelated to the content.
If you are unsure about the email, don’t click on any links or open attachments, as these can potentially contain malware that will infect your device.
Proofread the email. It may well be full of grammatical errors and spelling mistakes, which is a clear indication that it has not come from a legitimate source. Organisations will have teams that draft emails and do their proofreading, so it’s unlikely a real email will have that many mistakes.
Finally, the email will seem unusually urgent. It will spark fear or make demands, which may cause you to make a rash decision. Make sure you follow the steps above or contact the organisation by phone to confirm that what the email is saying is true.
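The sender-address and urgency checks above can also be automated, for example in a mail filter or a training tool. The following Python sketch is an added example and not part of the original blog; the trusted-domain list, the urgency phrases, the similarity threshold and the sample messages are all assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from email.utils import parseaddr

# Assumption: illustrative allowlist of brand name -> sending domain.
# Replace with the domains each organisation actually publishes.
TRUSTED = {"hmrc": "hmrc.gov.uk", "tv licensing": "tvlicensing.co.uk"}

# Assumption: a small hand-picked set of pressure phrases.
URGENCY = re.compile(
    r"\b(urgent|immediately|final notice|within 24 hours|suspended)\b", re.I)


def _is_trusted(domain):
    """True if domain is a trusted domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in TRUSTED.values())


def phishing_signals(from_header, subject, body):
    """Return the warning signs found in one message, in a fixed order."""
    signals = []
    display, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower()
    if not _is_trusted(domain):
        # The sender name claims a known brand but the address is unrelated.
        if any(brand in display.lower() for brand in TRUSTED):
            signals.append("display-name-mismatch")
        # The address is a near-miss spelling of a trusted domain.
        if any(SequenceMatcher(None, domain, d).ratio() >= 0.85
               for d in TRUSTED.values()):
            signals.append("lookalike-domain")
    if URGENCY.search(subject + " " + body):
        signals.append("urgent-language")
    return signals


# Constructed sample messages (not real mailboxes or real emails).
SAMPLES = [
    ('"HMRC" <refunds@hrmc.gov.uk>', "Tax refund",
     "Claim immediately or lose your refund."),
    ('"TV Licensing" <billing@mail-service.example>', "Your licence",
     "Final notice: your licence will be cancelled."),
    ('"HMRC" <noreply@notifications.hmrc.gov.uk>', "Your tax code",
     "Your new tax code is available in your online account."),
]

if __name__ == "__main__":
    for sender, subject, body in SAMPLES:
        print(sender, "->", phishing_signals(sender, subject, body))
```

An empty result does not prove a message is genuine, because the visible sender address can itself be forged; the other steps in this list still apply.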
The second most common attack that you may be aware of is Voice Phishing.
This is when a cybercriminal calls an individual pretending to be from a reputable company and tries to ask for personal information with a sense of urgency. These calls will normally come from a blocked number or a fake or spoofed phone number.
The criminals on the phone will try to get you to disclose sensitive information over the phone such as your account numbers or passwords.
Some other common examples are criminals pretending to be a supposed charity that is requesting donations or claiming to be tech support.
Steps to take to avoid voice phishing:
Only pick up phone calls from numbers that you recognise.
Think before you speak – if you receive a phone call from an unknown number, or from a familiar name you weren’t expecting a call from, don’t share any personal information, not even your date of birth.
If you are worried a phone call is a scam, hang up. Calling the number back will only reconnect you with the scammer, so look up the correct number through the organisation’s website or directory to confirm the call.
The next one we are going to look at is SMS Phishing.
With this method, cybercriminals fool you into providing them with your personal information via text message by sending a suspicious link.
Common examples include COVID pass messages, where cybercriminals use links to make people pay £4.99, and messages claiming to be from parcel delivery companies asking for a delivery fee.
How to spot SMS Phishing:
Always be vigilant and think about the nature of the message: were you expecting it? Most delivery companies will give you tracking updates via email, and only via text message if you provide your telephone number. Remember that you would have already paid your delivery fee at the time of purchase, so this will never be requested again.
If you are unsure or have suspicions about the message and the links that it contains, don’t click on anything. Do some research about the number it came from or contact the organisation it’s claiming to be from to prove its validity and verify the sender.
Online Dating Scams
This method of online fraud may be less familiar to many, but there has been a significant increase in online dating methods, especially since the pandemic hit.
If you do use these sites, be wary of the people that you talk to. They may seem interested to begin with, but as time goes on they will start to make up stories about how they would like to visit you, or aren’t very well and need money for treatment. Many of these reasons will not be legitimate; they are just an excuse to get money sent to them.
Things to be mindful of when using online apps:
Make sure you avoid sending money to someone you have never met in person. A lot of the time, people online pretend to be someone else. You may think you are talking to someone, but in real life they could look completely different.
If you get the sense that someone that you are talking to online is trying to scam you then the best thing to do would be to cut all your communications with them. The likelihood is that they are doing this to several other people.
Those were just a few examples of some of the methods that are used for Social Engineering. International Fraud Awareness Week is all about education and keeping up to date with the changes. If you continue to be mindful of the above, you can protect yourself from becoming a victim of social engineering. If all users are aware of what to look for and the steps to take, then our online safety as a collective will no doubt improve. Make sure you raise awareness around the topic by sharing what you’ve learned with your peers, friends, and family.
For more information or guidance against common threats, make sure you visit the NCSC website.
If your organisation needs training or a phishing simulation then contact us here to find out more.