Categories
Blog

The Dangers of Social Engineering

Protect yourself against scams: The dangers of social engineering

Have you heard of social engineering, vishing and smishing? Take a few minutes to learn about these threats, and protect your identity and information online.

What is social engineering?

Social Engineering is the act of tricking someone into divulging information or taking action, usually by engaging them by email, phone or text messages.

What makes social engineering dangerous is that it relies on mistakes made by legitimate users which are much less predictable and this makes them harder to identify.

What is vishing?

Vishing is the practice of eliciting information or attempting to influence action via the telephone. The goal of vishing is to obtain valuable information by exploiting people’s willingness to help. Attackers can “spoof” (i.e. forge) phone numbers and pose as a figure of authority to obtain sensitive information. Some attackers may even use voice changers to conceal their identity.

Your NRIC or passport numbers, home address or other personal information may be obtained this way. This information could then be used for further information gathering or to gain access to your various accounts.

How to spot a vish?

  • Information: The criminals already have your name, address, phone number or bank details. However, they may ask you for a password, credit card details or other information.
  • Urgency: You are made to believe the request is very urgent, or that your money is in danger and you have to act fast.
  • Phone spoofing: Cybercriminals use convincing phone numbers or sender details to increase the chances of you picking up or responding.
  • Holding the line: Cybercriminals can take over your phone line, so if you hang up then make another call to verify the one you just received, you’ll go straight back to the fraudsters.
  • Atmosphere: You may hear a lot of background noise, so it sounds like you’re being called from a call centre – or it could simply be sound effects.

What is smishing?

Smishing is phishing that involves a text message. Smishing is particularly scary because people tend to be more inclined to trust a text message than an email. Most people are aware of the security risks involved with clicking on links in emails, but this is less true when it comes to text messages.

How does smishing happen?

Smishing uses elements of social engineering to get you to share your personal information. This tactic leverages your trust in order to obtain your information. The information a fraudster is looking for can be anything from an online password to your credit card information. Once the fraudster has this information, they can often start applying for new credit in your name. Another option used by fraudsters is to say that if you don’t click a link and enter your personal information, you will be charged per day for use of a service. If you haven’t signed up for the service, simply ignore the message.

How to stay safe? Prevention at work, and at home

  • Always access and check your accounts regularly.
  • Do not reply to the call or SMS directly.
  • Never click on links in SMS messages or emails from unknown senders.
  • If you are suspicious of a call or SMS, research (and validate) the source – do not use the contact details within the call or message.
  • Never give information that the caller/sender asks for. This includes credentials, card details, your card expiry date, CVV, PIN or mother’s maiden name. For calls, inform the caller that you are not authorized to provide this information.
  • Be mindful of how you describe your role or share personal information on social media. Increase your privacy settings on these platforms.
  • Be alert and vigilant – trust your instincts if the call just doesn’t feel right!

Learn to be wary of scams and identify real opportunity if approved by Singapore Government only.