What's social engineering or online fraud?
It is a method of hacking and fraud that depends on the human element: the attacker uses his skills in communicating with others, together with deception and psychological tricks, to obtain from them the information he needs to carry out the hacking or fraud.
Identity fraud
Social engineering usually requires some form of identity theft in order to gain the victim's confidence. For example, the attacker may impersonate a company employee or a customer relations official through social media pages, where the fraudster communicates with the victim and often already has some information about them. Fraudsters pretend to be bank employees, or employees of other trustworthy institutions, and then try to persuade the victim to transfer money, or to withdraw cash and hand it over, and to disclose private information or data (account number, user name, passwords such as a PIN code or OTP, credit card number, phone number). Note that financial institutions do not request such information, which may be used to access financial resources or sensitive information.
Social engineering types
- Human-based engineering, which covers crimes that rely on people, without technology intervention. Examples include:
- Persuasion
These attacks occur through communication with the victim by phone or on social networking sites. The attacker claims to be a person who holds a position of responsibility or authority, and gradually extracts information from the victim until he can reach his main goal, which is fraud or hacking.
- Spying and eavesdropping
Passwords and important information can be stolen by observing the victim while typing them, or by eavesdropping on a phone conversation, so it is always recommended to avoid writing passwords and important information on paper or communicating them to other people.
- Voice fraud (vishing)
It is one of the most common social engineering attacks and occurs over the phone: the attacker calls claiming to be a person with a certain authority, and gradually extracts information from the victim.
- Technology-based engineering, which uses programs and techniques that help the attacker to access information. For example:
- Phishing
It is one of the most important methods of social engineering. Usually it is an email or social media message that reaches the victim and contains a link to a fake page that appears completely similar to the official website. The fake page may ask the victim to enter a username and password, and then direct him to the correct page after obtaining his confidential data.
- Spam mail
It is a large number of emails and social media messages that are sent with attractive addresses and contain content that can cause service interruption and/or information theft.
How to protect yourself?
- Do not trust any communication, whether it is a phone call, an email, or a message via social media, from any person who asks you for personal or banking information. You must verify the identity of this person by contacting the source requesting the information before sharing any information.
- Avoid putting personal information on the Internet as much as possible.
- Do not share your personal information even with those close to you, to protect you and them.
- Make sure to keep your important papers and documents in a secure place, and destroy them if you don't need them.
- Avoid interacting with e-mails, mobile messages, or social media messages that contain suspicious links.
- Use a strong password for online banking and change it frequently.