Social engineering is the number 1 attack method used by hackers and scammers alike. The types of information gathered by social engineers can vary but primarily it is used to steal banking information or to install malicious software on your computer.
What is social engineering?
Essentially, social engineering is a method of manipulating a person or people in to performing actions or disclosing personal information.
These criminals use a variety of techniques to trick and fool you into handing over this information. See below examples.
- Trust – A criminal may start emailing you and building a trusting relationship over time before they start asking for money.
- Fear - A common tactic in Australia is pretending to be the ATO or another government agency and saying that you owe large sums of money or you have a criminal charge against you, and you need to pay. Another one is “Microsoft” calling you to say that you have a virus on your computer, and they will fix it for $300.
- Enticement – It could be the offering of a product or service for free in order to gather more information about you or saying that you’ve won a $500 Bunnings gift voucher, or that you’ve won an international lottery.
- Existing relationship – Hackers could have been inside your email account for months, watching who you email, how you talk with them and what you talk about. They use this information to further their scam. In some cases, hackers will pretend to be a friend, colleague or family member to scam you.
- Bait – Not all social engineering is done through chat, email or phone services. A lot are also done on website ads and dodgy websites. Examples of banner ads may be - “Click here to get 80% off your next purchase” or “Can you beat this game to win a new iPhone?”.
- Romance – Unfortunately, this is a BIG one! Hackers will seek you out on social media and dating websites, establish a loving online relationship, play on your emotions and try to get you to provide gifts or sums of money.
It is very important to always be vigilant of websites, emails, social media and phone calls.
One key thing to remember is the age old saying “If it sounds too good to be true, then it probably is”.
Tips to combat social engineering
- Phone calls – When in doubt, always ask for a return phone number and reference number. If they cannot provide one or the information supplied sounds risky, hang up immediately. Never give away personal information over the phone.
- Websites – Be sure you are clicking safe links from genuine sites. This can be a hard task to achieve, especially if you aren’t tech savvy. We recommend a free browser extension from Microsoft called Windows Defender Browser Protection that actually scans links and will tell you if they are unsafe.
- Email – Check the senders email address and confirm it is correct and be vigilant of attachments on emails (especially word documents and zip files). Most scammers come from overseas and speak English as a second language, so be on the look out for poor grammar, spelling and phrasing or contact details that are not an Australian reference.
Your bank will NEVER contact you and ask for account details.
The ATO will NEVER contact you via phone or email and threaten you will go to jail for non-payment. (The ATO will generally contact your Tax Agent as first port of reference)
Bunnings does not give away $500 gift cards.
The Prince of Nigeria doesn’t need you to assist with an investment opportunity.
Try and confirm the actual existence of any person you meet on dating sites – Catfishing is the new craze.
When in doubt – don’t