Transferring money electronically has become today’s most common way to pay bills. Con operators have developed many sophisticated methods, adapting to suit today’s technology. Whilst that technology has changed, human behaviour has not: people can still be psychologically manipulated through their desire to be helpful and their respect for authority.
There are several different methods used by fraudulent operators. It is important to understand each of these and improve our behaviour to prevent these attempts from succeeding.
TYPES OF SOCIAL ENGINEERING FRAUD
Phishing is the most common form of social engineering fraud. The attacker creates a fake website or support portal imitating a well-known company, then sends links within emails or social media posts, leading individuals to the fake website to gather their login information or credit card details.
Most email account providers now include spam filters that identify most of these emails. However, the receiver must always be vigilant of any email seeking login or credit card details, which in most cases is fraudulent.
Spear Phishing is a subset of Phishing. Although similar, it requires more effort from the attacker, who pays particular attention to the uniqueness and limited number of users they target, resulting in more sophisticated and targeted emails to the recipient.
Impostors or fraudulent Social Engineers can be located anywhere on the internet, but many use the old-fashioned method of telephoning people. This type of approach is named Vishing and uses IVR (Interactive Voice Response) systems, mimicking those of a renowned company. They attach the IVR to a toll-free number, tricking people into calling the number and entering their details. This method exploits what has become another common practice: people providing their financial details to a trusted telephone system.
This is a method which you may have come across; it can arrive by email or by messages on social media pages. It uses a scripted scenario in which the attacker impersonates another person or known figure. The most common use of this method is sending a fake email or message, using the details of an existing friend or family member, asking for money. In most cases, the attacker has hacked their account or created a fake account.
Similar to the Trojan Horse used by the Trojans, the digital variation of this is to leave a USB drive or optical disk in public places, hoping an individual will pick it up out of curiosity and use it on their device.
A more modern version can also be found on the web. False links to download software are presented to users, tricking them into downloading malicious software and running it on their system.
QUID PRO QUO
Another social engineering method used to access systems or information is to pose as technical support of a known company or a company’s internal support department.
Attackers contact individuals or company employees regarding a technical issue on their system. The user is tricked into granting the attacker remote access to their system. In some cases, the attacker will get the individual to perform certain tasks or install software on their system. The attacker may even entice the user by offering a reward or a gift for performing the task.
Once compromised, the attacker is free to control all aspects of the computer and view all information by stealth even after the session has ended.