Over £21 million lost to social engineering scams since the beginning of the year
21st June, 2014 – LONDON – Get Safe Online, the government and private sector-backed information service on internet safety and security, is raising awareness of ‘social engineering’ scams through a new series of informative videos offering advice and tips.
A type of confidence trick, social engineering
is the use of deceit to manipulate or trick victims into certain actions including divulging personal or financial information. Examples include phishing
emails and fraudulent phone calls asking for personal or financial information - known as vishing
- or phone calls from fraudsters impersonating computer technical support agents.
According to FFA UK, approximately 23% of people in the UK have received a cold call requesting personal or financial information, potentially putting them at risk of becoming a victim. In the first five months of this year alone, some of the UK’s main high street banks have reported losses of over £21 million from vishing
attacks on their customers, with over 2,000 vishing
attacks resulting in an average loss of over £10,000 per victim.
exploits human nature and plays on victims’ emotions such as protecting themselves, their family and finances, gaining something of advantage or willingness to please others. It is a factor in many types of fraud.
Tony Neate, Chief Executive of Get Safe Online, comments: “It’s important that the public are aware of what social engineering actually is, as there are so many types which can lead to the theft of your money or identity. It can be easy to fall prey to social engineering, as schemes can be elaborate and highly convincing, with approaches usually made by somebody you think you should trust or appears to be in authority. It’s not just individuals who are likely victims, it’s also businesses. We hope that by raising awareness of how to avoid becoming a victim of social engineering through our online videos and activity with our partners, we can help prevent it from happening to others.”
Alasdair MacFarlane, Head of Customer Security at NatWest, comments: “NatWest are committed to providing safe and secure banking alongside an excellent level of customer service. Fraudsters are always looking for new ways to gain access to money which is why we offer our customers a Secure Banking Promise, as well as lots of advice on our website to help them avoid falling victim to a scam. We're delighted to be working with Get Safe Online in raising awareness on this important issue.”
Dawn Cornwall, Fraud and Security Manager at Lloyds Banking Group, comments: “At Lloyds Banking Group we are committed to making sure our customers’ Internet Banking experience is as safe as possible. We use cutting edge technology to protect their personal information and privacy. We also have our online guarantee in place if a customer experiences fraud in Internet Banking and a wealth of advice and guidance on our websites. We are really pleased to be working with Get Safe Online on the Social Engineering
Alex Grant, Barclays Managing Director of Fraud Prevention, comments: “We’ve seen from our own interaction with customers who have fallen victim to social engineering frauds that the loss of hard earned savings causes great emotional distress, as well has having a significant financial impact. This is why raising awareness about social engineering scams and protecting customers from fraud is one of our highest priorities. Barclays fully endorses this awareness campaign and are pleased that our sponsorship of Get Safe Online is helping provide consumer education and promote awareness of scams such as these.”
The Head of the NFIB and Action Fraud, Detective Superintendent Peter O’Doherty, comments: “The face of crime has significantly changed in recent years, with much of today’s offending being conducted not face-to-face but over the phone and through a computer. People need to be aware there are ruthless, calculating criminals using social engineering scams to obtain personal and financial information that makes them a profit and individuals and businesses victims of crime. This multi-media Get Safe Online campaign will shine a light on these practices and help the public know when they are being targeted and the best ways to protect themselves.”
Getsafeonline.org offers a number of tips on avoiding becoming a victim of social engineering
- Always be wary of people requesting confidential or personal information by whatever means, however convincing they may seem.
- Never reveal personal or financial data including usernames, passwords, PINs or other forms of ID.
- Be very careful that people or organisations to whom you are supplying payment card information are genuine, and then never reveal passwords. Remember that a bank or other reputable organisation will never ask you for your password via email or a phone call.
- If you receive a phone call requesting confidential information, verify it is authentic by asking for a full and correct spelling of the person’s name and a call back number.
- Check the number matches the contact number on the relevant website. Even then, the criminal may have used special software to display the authentic number.
- If you are asked by a caller to end the call and phone your bank or card provider, call the number on your bank statement or other document from your bank – or on the back of your card. However, be sure to use another phone from the one you received the call on to ensure that a fraudster is not on the line by having kept the call open. If you cannot access another phone, be sure to hang up for at least five minutes before you dial out, or call a friend (whose voice you recognise) before making another call.
- Do not open email attachments from unknown sources.
- Do not readily click on links in emails from unknown sources. Instead, roll your mouse pointer over the link to reveal its true destination, displayed in the bottom left corner of your screen. Beware if this is different from what is displayed in the text of the link from the email.
- Do not attach external storage devices or insert CD-ROMs/DVD-ROMs into your computer if you are not certain of the source, or just because you are curious about their contents.