Social engineering is a form of manipulation used by criminals to trick their victims into giving up confidential information, like banking details.
The South African Banking Risk Information Centre (SABRIC) has warned bank consumers to be wary of social engineers who trick bank customers into divulging personal information they normally would not disclose.
Explaining why criminals use social engineering, SABRIC’s CEO, Ms Kalyani Pillay said, “Criminals use social engineering because they find it easier to exploit our trusting abilities than to try and compromise our information using other means.”
SABRIC urges bank customers to be careful with what information they place on social media platforms.
“Criminals use all available information about their victim when they apply social engineering tactics as it helps lend some credibility to their communication. Once the victim’s trust is gained, it is more probable that the victim will disclose more information,” said Ms Pillay.
She warned the more information the criminals collect, the more convincing their lie becomes, which makes it easier for them to source the information necessary to defraud bank customers.
SABRIC emphasised the importance of tightening security features on social media sites to make it difficult for criminals to steal your information.
While not aimed at extracting personal information from their victims, social engineering skills are also used in other scams to influence the victim to take actions that benefit the fraudster.
“Internet dating scams are prevalent and a good example of how female victims are lured into paying large sums of money to ‘help’ their new romantic interests, only to discover they have been scammed,” said Ms Pillay.
Below are some tips that bank customers are encouraged to utilise to avoid social engineering:
r Never provide personal information in response to an unsolicited request, whether it is over the phone or internet.
r Never provide your password over the phone or in response to an internet request.
r Ensure that no one sees you entering your cellular phone banking password on the phone
r Avoid giving away your verification details aloud in public.
r Do not transfer the line or hand over the phone to a third party after completing self-authentication as cellphone banking is only meant to be used by the account holder.
r Do not reply to suspicious texts or click on unverified links. If the SMS purports to be sent by your bank, call the bank to verify the authenticity of the message.
r Do not log on to any suggested website in the SMS.
r Have different passwords for different accounts, sites and programmes that may store sensitive information.
