Do you ever go on Twitter and see people asking for your mother's maiden name or the most beautiful thing about the town where you were born? Sometimes they get creative and tell you to mention your date of birth without mentioning it. Unsuspecting people easily fall for this and engage without knowing that there may be a more sinister intention behind such questions. This is a pervasive fraud tactic called social engineering.
Social engineering involves using psychological tactics to manipulate individuals into divulging confidential information or performing actions that compromise their own or their company's security. It typically involves tricking people into giving away personal details like passwords or financial information like credit card PINs. The information is then used to commit identity theft, financial fraud, or other crimes.
Forms of Social Engineering
Like all fraud tactics, social engineering keeps evolving and can take many forms, such as:
Phishing: Phishing scams involve sending emails or text messages that appear to be from a trustworthy source, such as a bank, government agency, or online retailer, and asking for sensitive information, such as passwords, Social Security Numbers (SSN), credit card numbers, or Bank Verification Numbers (BVN). The attacker often creates a fake website that looks identical to a legitimate one and tries to get unsuspecting victims to enter their information on it by offering or asking for help, or by promising rewards.
Baiting: In a baiting scam, the attacker leaves an item already compromised with malware, such as a USB drive, in a public place and waits for someone to pick it up and use it. When the victim inserts the USB drive into their computer, the harmful software is installed, giving the attacker access to the victim's devices and personal information.
Vishing: Vishing or voice phishing is a type of phishing that involves making phone calls, pretending to be a representative from a trusted organization, such as a bank, and asking for personal information or access to accounts. The attacker often uses a fake phone number and Caller ID similar to a legitimate one to make the call appear to come from the right source and trick victims into divulging private information.
Pretexting: Pretexting is the use of a fake story, or pretext, to gain the trust of unsuspecting victims and trick them into installing malware, transferring money to criminals, divulging sensitive information, such as their Social Security Number or date of birth, or engaging in any activity that can cause them or their companies avoidable and costly harm.
Tips to Avoid Falling Victim to Social Engineering Fraud
Ways to avoid falling victim include, but are not limited to, the following tips.
Be skeptical: Don’t trust unsolicited emails, phone calls, or messages from individuals or organizations claiming to be someone they are not.
Verify information: Before sharing any sensitive information, such as your password or credit card number, verify the identity of the person or organization asking for it.
Be cautious with links: Be careful when clicking on links in emails or messages, especially if you don’t recognize the sender. If in doubt, hover over the link to see where it leads before clicking.
Use strong passwords: Use a strong, unique password for each of your accounts and enable two-factor or multi-factor authentication whenever possible.
Keep your software updated: Regularly update your operating system, web browser, and other software to ensure you have the latest security updates and patches.
Educate yourself: Your bank or financial institution will never request sensitive information over the phone or email as they already have all they need to know. However, being unaware of this might lead to divulging sensitive information unintentionally.
Report suspicious activity: If you receive an email, phone call, or message that seems suspicious, report it to the relevant authorities, such as your bank or the police.
Social engineering attacks are very common and usually succeed because they exploit human emotions like curiosity, aspirations, and fear rather than technological shortcomings. Hence, being cautious, well-informed, and looking multiple times before leaping while interacting, socializing, and working will protect you and your company from falling victim to the plans of bad actors.
Written by Chidiebube Dim with contribution from the Flutterwave Risk Team.