Around the world, an increasing number of individuals are becoming victims of fraud through sophisticated social engineering attacks. This article provides insights into social engineering attacks and how to avoid them.
[note title="Note"]
swissmoney will never contact you to ask for your login credentials.
All our official emails come from <…>@swissmoney.com or <…>@mail.swissmoney.com.
If you have any suspicions, contact our support team who will help you out.
[/note]
What is social engineering?
Social engineering is a deceptive tactic used to manipulate people into giving away sensitive information or performing actions that benefit the attacker.
It usually exploits human weaknesses like trust or fear. Fraudsters may also already possess some of your personal information, which leads you to believe they are legitimate callers.
Scammers have various techniques at their disposal, but some common ones are:
- Phishing: Attackers send emails or texts that seem legitimate, for example appearing to come from your bank, to trick you into clicking harmful links, opening attachments containing malware, or visiting fake websites that ask for personal information.
- Pretexting: Scammers create false scenarios, like pretending to be IT support, to gain your trust and ask for sensitive information like passwords.
- Baiting: This scheme offers tempting rewards, such as gifts or discounts, to lure you into clicking on links or downloading attachments that infect your device with malware.
What is the scale of the issue?
According to IBM's 2023 Data Breach report, social engineering constitutes 98% of all cyber-attacks. The data showed that while stolen credentials were common, phishing slightly surpassed them. A total of 1,270,883 unique phishing sites were detected globally.
Moreover, it took almost 11 months (328 days) to detect and contain breaches from stolen credentials and about 10 months (308 days) to resolve breaches by malicious insiders.
What are the scammers after?
Social engineering scams have various goals, but typically, scammers aim for one or more of the following:
- Financial gain: They may try to trick you into sending them money, revealing your bank or credit card details, or transferring funds to fraudulent accounts.
- Identity theft: By obtaining personal information like your name, address, Social Security number, or login credentials, they can impersonate you and commit various fraudulent activities.
- Data breaches: They may target login credentials for work or sensitive systems to gain access to confidential data.
- Installing malware: Malicious software can be used to steal information, spy on your activity, or lock you out of your data and demand a ransom.
- Taking control of devices or accounts: Some scammers aim to gain control of your computer or online accounts to launch further attacks or spread malware.
How do fraudsters exploit social engineering tactics?
Usually, scammers reach out to their targets through phone calls or messaging platforms like WhatsApp and email.
They pretend to be officials from the police, immigration, central bank, or other government agencies, claiming that your personal information or bank details need updating.
Moreover, they might send one-time passwords (OTPs), UAEPASS notifications, or messages from legitimate government departments to deceive you.
In truth, the scammers themselves have registered your mobile number for government services in order to trigger these registration messages, notifications, or OTPs.
How to safeguard against social engineering scams
Here are some dos and don'ts for protecting your swissmoney account from social engineering scams:
Dos:
- Use strong, unique passwords. Consider a password manager to help you create and store complex passwords.
- Enable two-factor authentication (2FA). swissmoney enhances security by requiring a verification code, sent via SMS, when you log into your accounts. You can also use Google Authenticator as your second factor.
- Limit the personal information you share publicly on social media, as scammers can use this to personalize their attacks.
- Carefully review OTP messages from us to confirm transaction details and merchant names.
- Exercise caution with callers who prolong conversations or make repeated calls, as they may attempt to prevent legitimate representatives from contacting you.
- Carefully review email content, especially if you're anticipating a response from an organization. Verify the legitimacy of the requests by contacting official sources before disclosing any information.
Don’ts:
- Never add online banking beneficiaries at the request of an unknown caller.
- Avoid clicking suspicious links or opening unknown attachments, as they may contain malware. Hover over links before clicking to check the destination URL.
- Don't rely on caller ID, as scammers can fake phone numbers. If you're unsure about a call, hang up, find the company's real phone number, and call them back directly.
- Don't feel rushed. Scammers use urgency to confuse you, so take your time and double-check information on your own.
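The sender-domain rule from the note at the top and the "check the destination URL" advice above can be applied mechanically. The following is an added example, not swissmoney's own code: it compares the real address in a From header and the hostname of a link against the official domains exactly, so display-name tricks and lookalike hosts fail. The addresses, links, the subdomain rule and the HTTPS requirement are assumptions made for illustration, and because a From address can itself be forged, a passing check is not proof that a message is genuine.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Sender domains stated on this page as official.
OFFICIAL_SENDER_DOMAINS = {"swissmoney.com", "mail.swissmoney.com"}
# Assumption for this example: a link counts as official only on
# swissmoney.com or one of its subdomains, and only over HTTPS.
OFFICIAL_WEB_DOMAIN = "swissmoney.com"


def sender_domain(from_header):
    """Return the domain of the real address, ignoring the display name."""
    _, addr = parseaddr(from_header)
    if addr.count("@") != 1:
        return None
    return addr.rsplit("@", 1)[1].strip().lower()


def is_official_sender(from_header):
    # Exact match: "swissmoney.com.something.example" must not pass.
    return sender_domain(from_header) in OFFICIAL_SENDER_DOMAINS


def is_official_link(url):
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        return False
    # .hostname drops any "user@" prefix, so "https://swissmoney.com@host/"
    # is judged by the host actually contacted.
    host = parts.hostname.rstrip(".").lower()
    return host == OFFICIAL_WEB_DOMAIN or host.endswith("." + OFFICIAL_WEB_DOMAIN)


if __name__ == "__main__":
    # Constructed samples; the local parts and hosts are made up.
    senders = [
        "swissmoney Support <support@mail.swissmoney.com>",
        '"support@swissmoney.com" <alerts@swissmoney.com.account-check.example>',
        "Security Team <security@swissmoney-support.example>",
    ]
    links = [
        "https://swissmoney.com/login",
        "https://swissmoney.com.verify.example/login",
        "https://swissmoney.com@login.example/",
    ]
    for s in senders:
        print("OK  " if is_official_sender(s) else "FAIL", s)
    for u in links:
        print("OK  " if is_official_link(u) else "FAIL", u)
```
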
📚Read more: How to Secure Your Crypto Wallet Effectively
[note title="Remember:"]
Neither swissmoney nor genuine authorities like the police, immigration, central bank, ICP/EID, government agencies, and FAB will ever request payment card details, OTPs, or account updates over the phone or email.
[/note]