Social engineering is used to commit fraud
posted by Ben Hayden on Thursday, February 21, 2019 in SHAZAM Blog
According to the 2018 Verizon Data Breach Report, the number of data breaches impacting financial institutions reduced from 24 percent to 7 percent in a year’s time, while other areas including retail, healthcare organizations, education, accommodations and the public sector have increased. Yet, we must remain vigilant.
What is social engineering
Social engineering is the psychological manipulation of people into performing actions or divulging confidential information. Victims of social engineering are tricked into doing something or divulging information they shouldn’t. Social engineering attacks are so successful that 93 percent of all data breaches can be tied to some type of social engineering.
Types of social engineering
There are four types of social engineering. They can be modified or altered in many ways and sometimes they are even delivered together as part of a large-scale attack. The four types are:
Phishing. Emails are created to appear as if they’ve been sent by a legitimate organization or person. Fraudsters gather personal information found on social media and websites and use it to create realistic messages asking the recipient to click a link, reply to or forward the email. This email might not even be the actual attack — it could be paired with another technique to enhance its realism.
SMiShing. A form of social engineering that uses text messages is known as SMiShing or smishing. When you receive a text with a link from an unrecognized number, it’s best to find the contact information from some other reliable means. Don’t click the link, instead go to the internet and find the sender’s website and phone number. Call and ask about the text. If they didn’t send the text, delete it.
Vishing. All phone users are vulnerable to vishing schemes. When a caller requests information, ask questions to be sure the call is from a reputable organization. Often these calls are placed by a person who identifies as a family member in need of money or someone requesting funds for a business purpose.
In person. Social engineering can also occur in person. These fraudsters may represent themselves as vendors, as someone in authority or even pose as an employee. Once they gain access, they may steal documents, log in to computers or sabotage computer networks.
Protect yourself and your financial institution
Social engineering attempts appear to be authentic and can be convincing … and confusing. Don’t become a victim. Train your staff. Educate accountholders consumers. Keep fighting to reduce data breaches due to social engineering.
SHAZAM, Inc. and ITS, Inc. provide this blog for general informational purposes only. Our blog may be shared by a direct link wherein the content remains as originally presented and has not been altered. SHAZAM, Inc. and ITS, Inc. assume no responsibility for errors or omissions in the contents on the blog. By using this blog, reader agrees that the information published does not constitute nor is a substitute for legal advice which should only be sought from a qualified, licensed attorney.
comments powered by