Beware! Most data breaches caused by social engineering fraud

posted on Wednesday, July 7, 2021 in SHAZAM Blog

Entrusted with sensitive information, all financial institutions can agree a data breach would be a nightmare for their organization. Unfortunately, financial institutions are among the top targets for cyberattacks using social engineering.

Data breaches have grown in intensity and frequency since the onset of the pandemic, and the FBI reported a 300% increase in reported cybercrimes. Imagine how many others went unreported. To understand the scope of a fraudster’s social engineering toolbox, let’s define what social engineering fraud is and talk about the four types. Please share this information with your staff and accountholders.

What is social engineering
Social engineering is the manipulation of people into performing actions or divulging confidential information. Victims of social engineering are tricked into doing something or divulging information they shouldn’t. Social engineering attacks are so successful that 93 percent of all data breaches can be tied to some type of social engineering.

Types of social engineering
There are four types of social engineering. They can be modified or altered in many ways and sometimes they are even delivered together as part of a large-scale attack. The four types are:

Phishing. Emails are created to appear as if they’ve been sent by a legitimate organization or person. Fraudsters gather personal information found on social media and websites and use it to create realistic messages asking the recipient to click a link, reply to or forward the email. This email might not even be the actual attack — it could be paired with another technique to enhance its realism.

SMiShing. A form of social engineering that uses text messages is known as SMiShing or smishing. When you receive a text with a link from an unrecognized number, it’s best to find the sender’s contact information through some other reliable means. Don’t click the link. Instead, go to the internet and find the sender’s website and phone number, then verify the text is legitimate. If they didn’t send the text, delete it.

Vishing. All phone users are vulnerable to vishing schemes. When someone initiates a call to you and then requests information from you, ask questions to be sure the call is from a reputable organization. Often these calls are placed by a person who identifies as a family member in need of money or someone requesting funds for a business purpose. When you initiate a call to an organization, the situation is different, and the likelihood of social engineering is much lower.

In person. Social engineering can also occur in person. These fraudsters may represent themselves as vendors (for example, ATM service people) or as someone in authority, or could even pose as an employee. Once they gain access, they may steal documents, log in to computers or sabotage computer networks.

Protect yourself and your financial institution
Social engineering attempts appear to be authentic and can be convincing, which makes things confusing. Don’t become a victim. Train your staff. Educate your accountholders. Be vigilant to reduce data breaches due to social engineering.

SHAZAM, Inc. and ITS, Inc. provide this blog for general informational purposes only. Our blog may be shared by a direct link wherein the content remains as originally presented and has not been altered. SHAZAM, Inc. and ITS, Inc. assume no responsibility for errors or omissions in the contents on the blog. By using this blog, reader agrees that the information published does not constitute nor is a substitute for legal advice which should only be sought from a qualified, licensed attorney. 

