What is social engineering?
Social engineering is a technique that perpetrators of fraud use to lure people into certain behaviour by exploiting typically human traits such as confidence, curiosity, naivety, fear and greed.
Perpetrators pretend to be someone else in order to get hold of information and/or to make their victim carry out payments that would otherwise be impossible to obtain, or would take much more effort or money.
There are various kinds of social engineering and they all affect our daily life in many ways. You may become a victim of this kind of deception while you are banking online or making an online payment.
What will perpetrators do in order to deceive you?
People who want to deceive you will often use one of the following techniques:
- Sending a false e-mail on behalf of the CEO
Below are some other examples:
- You are entitled to carry out (major) payments within your company and you receive a false e-mail on behalf of the CEO (or another senior executive of your institution or one of its confidants). You are asked to carry out major payments (usually to someone abroad) under the pretext of a secret and important foreign transaction (a take-over, etc.), which is strictly confidential and must be kept secret from everyone else;
- You are asked to pay an amount of money as part of a game. Apparently, you are a lucky winner but first you have to pay the processing cost;
- You receive an e-mail in which you are asked to take part in a game and to make a purchase in order to increase your chances of winning;
- An internet friend asks you to pay an amount of money so that he can drop in or buy a new PC to improve chat sessions.
What will your bank do?
Your bank will do anything to ensure maximum security for internet banking sessions and online payments.
It will also inform you, on this website for example, of the various techniques used for deception.
What can you do?
Always be careful when you are banking or paying online and be vigilant about any aspect of your payments. Here are some tips:
- Only go to websites you are familiar with and refrain from downloading any files or programs you find on websites that are unknown or suspect. Always be cautious when opening an unknown file, a strange-looking e-mail or a new program, or when clicking on unusual links.
- If your antivirus or antispyware program detects a file which looks suspect, immediately delete this file and leave the website from which it was being downloaded.
- Never reply to e-mails in which you are offered an amount of money for disclosing your bank account number or for carrying out an international transaction on behalf of someone else.
- Pay no attention to offers which are too good to be true.
As an employee:
- Pay no attention to questions from people you do not know who are trying to find out which person at your company is in charge of making payments.
- Pay no attention to e-mails and telephone calls about payments when they come from people with whom there is no regular cooperation.
- Pay no attention to requests for unexpected and secret payments.
- In case of doubt, do not hesitate to ask for a personal meeting with the person in charge. Always use a fixed and well-known telephone number to try to reach the person who has called you.
In case of fraud (or a fraud attempt), immediately call your bank and the police.