Data breaches have grown in intensity and frequency since the onset of the pandemic and the FBI reported a 300% increase in reported cybercrimes. Imagine how many others went unreported. To fully understand the scope and vastness of a fraudster’s social engineering toolbox, let’s define what social engineering fraud is and talk about the four types.
Social engineering is the manipulation of people into performing actions or divulging confidential information. Victims of social engineering are tricked into doing something or divulging information they shouldn’t. Social engineering attacks are so successful that 93 percent of all data breaches can be tied to some type of social engineering.
There are four types of social engineering. They can be modified or altered in many ways and sometimes they are even delivered together as part of a large-scale attack. The four types are:
Emails are created to appear as if they’ve been sent by a legitimate organization or person. Fraudsters gather personal information found on social media and websites and use it to create realistic messages asking the recipient to click a link, reply to or forward the email. This email might not even be the actual attack — it could be paired with another technique to enhance its realism.
A form of social engineering that uses text messages is known as SMiShing or smishing. When you receive a text with a link from an unrecognized number, it’s best to find the contact information from some other reliable means. Don’t click the link, instead go to the internet and find the sender’s website and phone number. Verify the text is legitimate. If they didn’t send the text, delete it.
All phone users are vulnerable to vishing schemes. When someone calls you, meaning they initiate the call to you, and then the caller requests information from you, ask questions to be sure the call is from a reputable organization. Often these calls are placed by a person who identifies as a family member in need of money or someone requesting funds for a business purpose. When you initiate a call to an organization, the situation is different, and the likelihood of social engineering is much lower.
Social engineering can also occur in person. These fraudsters may represent themselves as vendors, for example, ATM service people, as someone in authority or could even pose as an employee. Once they gain access, they may steal documents, log in to computers or sabotage computer networks.
Social engineering attempts appear to be authentic and can be convincing which makes things confusing. Don’t become a victim. Be familiar with how Social Engineering works and be careful about sharing your information.
(Partially reprinted from Shazam.net)
View All Rates
*APR = Annual Percentage Rate *APY = Annual Percentage Yield Rates are subject to change without notice
Read Our Newsletter