Social Engineering Fraud - Questions and Answers PDF
Criminals exploit a person’s trust in order to find out their banking details, passwords or other personal
data.
Scams are carried out online – for example, by email or through social networking sites – by telephone,
or even in person.
- Mass frauds, which use basic techniques and are aimed at a large number of people;
- Targeted frauds, which have a higher degree of sophistication and are aimed at very specific individuals or companies.
While the scams themselves differ, the methods used by criminals generally follow the same four
steps:
1. Gathering information
2. Developing a relationship
3. Exploiting any identified vulnerabilities
4. Execution
Telecom fraud
Fraudsters obtain the phone number of an individual, often an elderly person, then call them
pretending to be a family member or public service and claiming to be in urgent need of cash.
They ask for money to be deposited in a designated bank account or delivered by hand in order
to settle a traffic accident claim, loan shark debt, or other pressing financial need.
Email scams
Phishing is similar to pretexting, but it uses a more generic scenario that is sent to a large number of people in an attempt to draw in as many victims as possible. This is usually done by e-mail, and the message appears to come from a legitimate source that many people use, such as popular online shopping websites, e-mail companies or computer tech support companies. The same techniques can also be executed by phone (Vishing) or by text message (SMishing).
Sweepstakes or lotteries
A person receives a message along the following lines: ‘Congratulations, you are the grand
prize winner! To claim your prize, all you need to do is pay a processing fee so we can release
your winnings.’
Very often, names of popular companies or organizations are misused to give the lottery a
trustworthy impression.
Despite making the requested payment, the victims never receive the expected prize winnings.
3 WHO IS TARGETED?
Everyone!
Elderly people are especially vulnerable, but people of all ages, in all countries, from all backgrounds
are at risk. We all need to be alert to the dangers of social engineering fraud, both in our personal and
professional lives, and to take the necessary precautions.
Social engineering fraud: questions and answers
Criminals exploit a person’s trust or their willingness to help others, or simply use intimidation to
achieve their results.
Despite this, there are some simple steps you can take in order to protect your data.
Individuals
Remain vigilant and take the time to assess any e-mails you hadn’t expected to receive. Be sure to
check carefully the sender’s email address and any URLs, and check the authenticity of the information
against an official source.
If you receive a message you weren't expecting (even if it appears to be from someone you know), or you get an offer that seems too good to be true:
Likewise, if you receive a phone call you don’t feel comfortable with, do not give any information and
end the conversation.
You can also protect your PC and other devices by setting spam filters to the highest level, and installing
firewalls and anti-virus software – and keeping them up-to-date.
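One way to put the "check the sender's email address and any URLs" advice into practice, as an added example that is not part of the original document: a small Python script that parses an e-mail, compares the sender's domain and every link destination against the organisation's real domain, and flags display-name spoofing, look-alike domains and link text that points somewhere other than it claims. EXPECTED_DOMAIN, the character-substitution table and the two sample messages are assumptions constructed for the example; the registered-domain helper is a deliberate simplification that ignores public-suffix lists.

```python
"""Check an e-mail's sender address and links before trusting it.

Added example, not part of the original document. EXPECTED_DOMAIN and the
two sample messages are constructed for illustration.
"""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed: the domain genuine mail from this organisation is sent from.
EXPECTED_DOMAIN = "example-bank.com"

HREF_RE = re.compile(r'<a\s[^>]*href=["\']([^"\']+)["\'][^>]*>(.*?)</a>', re.I | re.S)
TAG_RE = re.compile(r"<[^>]+>")
URL_RE = re.compile(r'https?://[^\s<>"\']+')
EMAIL_RE = re.compile(r"[\w.+-]+@[\w.-]+\.\w+")


def normalise(domain):
    """Fold common look-alike substitutions so 'examp1e-bank' compares equal to 'example-bank'."""
    d = domain.lower()
    for old, new in (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")):
        d = d.replace(old, new)
    return d


def registered_domain(host):
    """Last two labels of a host name (assumption: no public-suffix list, so 'co.uk'-style TLDs are not handled)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def classify_domain(host):
    """None when host belongs to EXPECTED_DOMAIN, otherwise a short description of why it does not."""
    reg = registered_domain(host)
    if reg == EXPECTED_DOMAIN:
        return None
    if normalise(reg) == normalise(EXPECTED_DOMAIN):
        return "lookalike of %s: %s" % (EXPECTED_DOMAIN, host)
    if normalise(EXPECTED_DOMAIN) in normalise(host):
        return "expected domain name embedded in an unrelated host: %s" % host
    return "not the expected domain: %s" % host


def check_sender(msg):
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    host = addr.partition("@")[2]
    verdict = classify_domain(host) if host else "missing or malformed sender address"
    if verdict:
        findings.append("sender " + verdict)
    # A display name that carries a different address is a classic spoofing trick:
    # mail clients show the name prominently and hide the real sender.
    for shown in EMAIL_RE.findall(name):
        if shown.lower() != addr.lower():
            findings.append("display name shows %s but the real sender is %s" % (shown, addr))
    return findings


def link_findings(url):
    parsed = urlparse(url)
    host = parsed.hostname or ""
    out = []
    verdict = classify_domain(host) if host else "unparseable link: " + url
    if verdict:
        out.append("link " + verdict)
    if parsed.scheme == "http":
        out.append("link uses plain http: " + url)
    return out


def check_links(body):
    findings = []
    for href, text in HREF_RE.findall(body):
        dest = urlparse(href).hostname or ""
        # Anchor text that is itself a URL must point where it claims to.
        shown = URL_RE.search(TAG_RE.sub("", text))
        if shown:
            shown_host = urlparse(shown.group(0)).hostname or ""
            if shown_host != dest:
                findings.append("link text shows %s but points to %s" % (shown_host, dest))
        findings.extend(link_findings(href))
    # Bare URLs outside <a> elements (plain-text mail, or HTML without anchors).
    plain = TAG_RE.sub(" ", HREF_RE.sub(" ", body))
    for url in URL_RE.findall(plain):
        findings.extend(link_findings(url.rstrip(".,;)")))
    return findings


def body_text(msg):
    parts = msg.walk() if msg.is_multipart() else [msg]
    chunks = []
    for part in parts:
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def analyse(raw_message):
    """Return the reasons to distrust the message; an empty list means nothing stood out."""
    msg = message_from_string(raw_message)
    return check_sender(msg) + check_links(body_text(msg))


# Constructed sample: a phishing-style message using every trick the checks look for.
PHISHING = """\
From: "Example Bank Security <security@example-bank.com>" <alerts@examp1e-bank.com>
Subject: Urgent: verify your account
Content-Type: text/html

<p>Please <a href="http://examp1e-bank.com.login-verify.net/acct">https://www.example-bank.com/login</a>
within 24 hours or your account will be suspended.</p>
"""

# Constructed sample: a legitimate notification.
LEGITIMATE = """\
From: Example Bank <noreply@example-bank.com>
Subject: Your statement is ready
Content-Type: text/plain

Your statement is ready at https://www.example-bank.com/statements.
"""

if __name__ == "__main__":
    for label, sample in (("phishing", PHISHING), ("legitimate", LEGITIMATE)):
        print(label, analyse(sample) or ["no findings"])
```

The checks are heuristics, not proof: a message with no findings still deserves the "verify against an official source" step the text recommends, while any finding is a reason to stop and not click, reply or call the number in the message.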
Companies
In addition to the steps described above:
- Develop a guide for the handling of sensitive information within your company;
- Train your staff on how to recognize the different types of fraud;
- Conduct intrusion tests to identify your vulnerabilities and strengthen your security;
- Establish relationships with law enforcement and appropriate agencies in order to keep updated on the latest trends in social engineering;
- Make sure that any financial transaction requires more than two authorized signatures from your company before being accepted by your bank;
- Have a point of contact at your bank who is familiar with the transfer destinations of your company funds (and who can therefore detect any suspicious requests).
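The signature and known-destination controls listed for companies, as an added example that is not part of the original document: a Python check that releases a transfer only when enough distinct authorised people have signed off, the person requesting the payment is not counted among them, and the destination is one the bank contact already knows. The signatory set, the payee list and the two sample requests are constructed for the example.

```python
"""Approval check for outgoing company payments.

Added example, not part of the original document. The signatory list, the
known payees and the sample requests are all constructed.
"""
from dataclasses import dataclass, field
from typing import List

# Constructed: people entitled to sign off on a transfer, and the payees the
# bank contact already knows as normal destinations for company funds.
AUTHORISED_SIGNATORIES = {"cfo", "coo", "treasurer", "finance.director"}
KNOWN_DESTINATIONS = {"ACCT-SUPPLIER-001": "Main parts supplier",
                      "ACCT-PAYROLL-001": "Payroll provider"}
# The document asks for more than two authorised signatures, so three.
MIN_SIGNATURES = 3


@dataclass
class TransferRequest:
    requester: str          # who asked for the payment to be made
    destination: str        # beneficiary account identifier
    amount: float
    approvals: List[str] = field(default_factory=list)   # who has signed off


def review_transfer(req):
    """Return the reasons the transfer must not go out; an empty list means release."""
    problems = []
    signers = {a.lower() for a in req.approvals}
    unknown = signers - AUTHORISED_SIGNATORIES
    if unknown:
        problems.append("approvals from non-signatories ignored: %s" % sorted(unknown))
    signers &= AUTHORISED_SIGNATORIES
    # Separation of duties: the person asking for the payment cannot also count as an approver.
    if req.requester.lower() in signers:
        problems.append("requester %s cannot count as one of the approving signatures" % req.requester)
        signers.discard(req.requester.lower())
    # Duplicate signatures collapse in the set, so this really counts distinct people.
    if len(signers) < MIN_SIGNATURES:
        problems.append("only %d distinct authorised signatures, %d required"
                        % (len(signers), MIN_SIGNATURES))
    if req.destination not in KNOWN_DESTINATIONS:
        problems.append("destination %s is not a known payee; have the bank contact confirm it "
                        "before release" % req.destination)
    return problems


def is_approved(req):
    return not review_transfer(req)


# Constructed: a routine supplier payment with three distinct signatures.
ROUTINE = TransferRequest("ap.clerk", "ACCT-SUPPLIER-001", 12500.0, ["cfo", "coo", "treasurer"])

# Constructed: the shape of an executive-impersonation request: an "urgent" payment to a
# never-seen account, requested and "approved" by the same person, with a duplicated signature.
URGENT = TransferRequest("cfo", "ACCT-UNKNOWN-999", 250000.0, ["cfo", "cfo", "assistant"])

if __name__ == "__main__":
    for label, req in (("routine", ROUTINE), ("urgent", URGENT)):
        print(label, "release" if is_approved(req) else review_transfer(req))
```

In practice the payee list and the signatory set live in the payment system rather than in code, but the rule set is the same: distinct approvers, no self-approval, and a hold on any destination the bank contact has not seen before.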
- Immediately contact your financial institution and report any unusual activity;
- Change any passwords or credentials possibly hijacked. Where possible, choose a second layer of authentication, for example, combining a password and SMS verification;
- Report the incident to police or the appropriate agency in your country;
- Save all received and sent emails and text messages;
- Save all documents of any transactions and remittances.
Companies
If you think you have revealed sensitive information about your company or organization, follow the
steps described above.
In addition, report the details to the relevant people in your company, including your security and IT
departments.