June 25th 2014
Today sees the launch of our new awareness campaign on the dangers of social engineering … run in conjunction with major banks, the National Fraud Intelligence Bureau (NFIB) and Action Fraud.
A type of confidence trick, social engineering is the use of deceit to manipulate or trick you into certain actions including divulging personal or financial information. Examples include phishing emails and fraudulent phone calls asking you for personal or financial information – known as vishing – or phone calls from fraudsters impersonating computer technical support agents.
According to FFA UK, approximately 23% of people in the UK have received a cold call requesting personal or financial information, potentially putting them at risk of becoming a victim. In the first five months of this year alone, some of the UK’s main high street banks have reported losses of over £21 million from vishing attacks on their customers, with over 2,000 vishing attacks resulting in an average loss of over £10,000 per victim.
Social engineering exploits human nature and plays on victims’ emotions such as protecting themselves, their family and finances, gaining something of advantage or willingness to please others. It is a factor in many types of fraud.
Tony Neate, Get Safe Online Chief Executive, says: “It’s important that the public are aware of what social engineering actually is, as there are so many types which can lead to the theft of your money or identity. It can be easy to fall prey to social engineering, as schemes can be elaborate and highly convincing, with approaches usually made by somebody you think you should trust or appears to be in authority. It’s not just individuals who are likely victims, it’s also businesses. We hope that by raising awareness of how to avoid becoming a victim of social engineering through our online videos and activity with our partners, we can help prevent it from happening to others.”
Alasdair MacFarlane, Head of Customer Security at NatWest, comments: “NatWest are committed to providing safe and secure banking alongside an excellent level of customer service. Fraudsters are always looking for new ways to gain access to money which is why we offer our customers a Secure Banking Promise, as well as lots of advice on our website to help them avoid falling victim to a scam. We're delighted to be working with Get Safe Online in raising awareness on this important issue.”
Dawn Cornwall, Fraud and Security Manager at Lloyds Banking Group, said: “At Lloyds Banking Group we are committed to making sure our customers’ Internet Banking experience is as safe as possible. We use cutting edge technology to protect their personal information and privacy. We also have our online guarantee in place if a customer experiences fraud in Internet Banking and a wealth of advice and guidance on our websites. We are really pleased to be working with Get Safe Online on the Social Engineering campaign”.
Alex Grant, Barclays Managing Director of Fraud Prevention, comments: “We’ve seen from our own interaction with customers who have fallen victim to social engineering frauds that the loss of hard earned savings causes great emotional distress, as well has having a significant financial impact. This is why raising awareness about social engineering scams and protecting customers from fraud is one of our highest priorities. Barclays fully endorses this awareness campaign and are pleased that our sponsorship of Get Safe Online is helping provide consumer education and promote awareness of scams such as these.”
The Head of the NFIB and Action Fraud, Detective Superintendent Peter O’Doherty, comments: “The face of crime has significantly changed in recent years, with much of today’s offending being conducted not face-to-face but over the phone and through a computer. People need to be aware there are ruthless, calculating criminals using social engineering scams to obtain personal and financial information that makes them a profit and individuals and businesses victims of crime. This multi-media Get Safe Online campaign will shine a light on these practices and help the public know when they are being targeted and the best ways to protect themselves.”
Top tips on avoiding becoming a victim of social engineering
- Always be wary of people requesting confidential or personal information by whatever means, however convincing they may seem.
- Never reveal personal or financial data including usernames, passwords, PINs or other forms of ID.
- Be very careful that people or organisations to whom you are supplying payment card information are genuine, and then never reveal passwords. Remember that a bank or other reputable organisation will never ask you for your password via email or a phone call.
- If you receive a phone call requesting confidential information, verify it is authentic by asking for a full and correct spelling of the person’s name and a call back number.
- Check the number matches the contact number on the relevant website. Even then, the criminal may have used special software to display the authentic number.
- If you are asked by a caller to end the call and phone your bank or card provider, call the number on your bank statement or other document from your bank – or on the back of your card. However, be sure to use another phone from the one you received the call on to ensure that a fraudster is not on the line by having kept the call open. If you cannot access another phone, be sure to hang up for at least five minutes before you dial out, or call a friend (whose voice you recognise) before making another call.
- Do not open email attachments from unknown sources.
- Do not readily click on links in emails from unknown sources. Instead, roll your mouse pointer over the link to reveal its true destination, displayed in the bottom left corner of your screen. Beware if this is different from what is displayed in the text of the link from the email.
- Do not attach external storage devices or insert CD-ROMs/DVD-ROMs into your computer if you are not certain of the source, or just because you are curious about their contents.
For more advice on how to avoid this type of fraud, visit www.getsafeonline.org/socialengineering to watch our online advice videos.