Phishing

Social Engineering, Sophisticated Phishing & Mandate Fraud: a Guide

We are all at risk of social engineering scams and the number of people being taken in by them during the pandemic increased alarmingly. Check out the following blog to find out more about social engineering, phishing and mandate fraud.


In the US, digital crime increased by 70% between 2019 and 2020, and many of these incidents involved social engineering.

Would you recognise a social engineering scam?
Would you know what to do about it?
Banks use sophisticated technology and training to block these attacks but are aware that the threats continue. 
However, their customers are often unprepared, even though anyone who has an online bank account will be familiar with the authentication requirements and warning messages provided to highlight the risks.

Sadly, the criminals are becoming more sophisticated and are finding ways to convince victims to ignore the warnings they receive.

What is Social Engineering?

There are three main types of social engineering scam:
  • Information harvesting
  • Remote access tool (RAT)
  • Real-time payment

Information harvesting is probably the oldest and most familiar type of scam, but it's still very common. It often takes the form of phishing, smishing or vishing: emails with rogue links or false bank account details, texts or WhatsApp messages asking for help, or telephone cons.

RAT scammers use impersonation to encourage you to download software that will allow them to take over your device and initiate a payment. 
Information harvesting is often involved as well, because the criminals will use details they have about their victims to persuade them that they are legitimate.

Real-time payment or authorised push payment (APP) scams also involve impersonation, this time as a representative from a trusted organisation like your bank, an official agency, or an IT support provider. 
They take advantage of people’s fears and vulnerabilities about debt or loss of services, for example, to make them suspend their normal good judgment. 
In the first half of 2021, £355 million was lost to this type of scam, making it more costly than credit card fraud.

It is doubly hard for the victims because they have often authorised payments or access to account details themselves. This makes it difficult to establish that fraud has taken place and banks aren’t obliged to make repayments.

How to Tackle Social Engineering Scams

The Contingent Reimbursement Model (CRM) code has been established to reimburse people who have innocently fallen victim to these scams. 
However, the financial sector is faced with people who falsely claim to have been scammed while victims are frustrated that they can’t obtain a refund.

One study has highlighted some behavioural indicators that can help banks spot a customer who is being coached. They include typing patterns that can indicate whether the user is engaged, frustrated, or possibly acting under the guidance of a cybercriminal.
Mouse movements can be another indicator that the user is receiving instructions. Logon sessions are often much longer for people who are being influenced by a third party or downloading software.
The payment journey can also offer useful insights, including unusual account activity or payment references. Another important warning sign is when users are on an active phone call while using their mobile banking app.
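The indicators above can be combined into a simple triage rule that holds a payment for review rather than letting it go through while the customer is, for instance, on a call with someone directing them. The following is an added example, not code from the article or from any bank's fraud system: the session fields, thresholds and weights are assumptions chosen for illustration, and a production system would calibrate them against labelled data and the customer's own history.

```python
"""
Added illustration (not from the original article): a heuristic scorer over
banking-session telemetry that flags sessions showing the behavioural
indicators described in the text. All field names, thresholds and weights
are assumptions for demonstration purposes only.
"""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class Session:
    session_id: str
    duration_s: int                 # length of the logon session in seconds
    keystroke_gaps_ms: List[int]    # time between consecutive keystrokes
    mouse_idle_bursts: int          # pauses of several seconds with no cursor movement
    on_active_call: bool            # device reports a phone call in progress
    payment_reference: str          # free-text reference entered by the user
    new_payee: bool                 # payee was added during this session
    amount: float


# Reference wording often seen in "safe account" style coaching (assumed list).
SUSPICIOUS_REF_TERMS = ("safe account", "refund", "verify", "support")
REVIEW_THRESHOLD = 4                # assumed cut-off for holding a payment


def score_session(s: Session, baseline_duration_s: int = 300) -> Tuple[int, List[str]]:
    """Return an additive risk score and the reasons that contributed to it."""
    score, reasons = 0, []

    # Long logon sessions: the article notes these are common when a third
    # party is directing the user or software is being installed.
    if s.duration_s > 3 * baseline_duration_s:
        score += 2
        reasons.append("session length far above user baseline")

    # Typing pattern: frequent long pauses suggest the user is waiting to be
    # told what to type next.
    if s.keystroke_gaps_ms:
        long_pauses = sum(1 for g in s.keystroke_gaps_ms if g > 3000)
        if long_pauses / len(s.keystroke_gaps_ms) > 0.3:
            score += 1
            reasons.append("typing interrupted by frequent long pauses")

    # Mouse movement: repeated idle bursts between actions.
    if s.mouse_idle_bursts >= 5:
        score += 1
        reasons.append("repeated mouse inactivity bursts")

    # Active call while using the mobile banking app is the strongest signal.
    if s.on_active_call:
        score += 3
        reasons.append("active phone call during mobile banking session")

    # Payment journey: unusual reference text.
    ref = s.payment_reference.lower()
    hits = [t for t in SUSPICIOUS_REF_TERMS if t in ref]
    if hits:
        score += 2
        reasons.append(f"payment reference contains {hits}")

    # Payment journey: large transfer to a payee created in this session.
    if s.new_payee and s.amount >= 1000:
        score += 1
        reasons.append("large payment to a newly added payee")

    return score, reasons


def triage(s: Session) -> str:
    """Decide whether the payment proceeds or is held for a human check."""
    score, _ = score_session(s)
    return "hold_for_review" if score >= REVIEW_THRESHOLD else "allow"


# Constructed sample sessions for demonstration.
NORMAL = Session("s1", 180, [120, 150, 90, 200, 130], 0, False, "Rent May", False, 650.0)
COACHED = Session("s2", 1500, [4000, 200, 5200, 150, 3800, 6000], 7, True,
                  "Move to safe account", True, 4800.0)

if __name__ == "__main__":
    for sess in (NORMAL, COACHED):
        score, reasons = score_session(sess)
        print(sess.session_id, triage(sess), score, reasons)
```

The scoring is deliberately additive and explainable: each reason string is something a fraud analyst or the customer can be shown when the payment is held, which matters under a reimbursement scheme where the bank must later evidence why it did or did not intervene.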

Stay Ahead of The Cyber Criminals

Professionals across all industries and especially in corporate security and law enforcement need expert cyber security skills. 
Firebrand has worked with law enforcement agencies across the UK to create a range of accelerated cyber crime courses - don't waste another moment, get certified today.