Protect yourself from these social media engineering tactics

In a world becoming increasingly digital and consumers spending their money online, it is crucial to know how to protect yourself from the social engineering tactics scammers often use.

International players like Temu, Shein and Amazon are shaking up the local market, offering attractively lower prices for the latest gadgets or fast fashion through incessant social media advertisements.

The increasing popularity of these online shopping platforms means more consumers are now exposed to e-commerce and possible fraud that may accompany these transactions, George Wandsella, head of operational risk and fraud at TymeBank, says.

“Social engineering is currently one of the most common techniques scammers use in this environment and refers to all the techniques criminals use to exploit your trust to directly steal your money or get confidential information to enable a subsequent crime. The aim is to influence a target to reveal specific information or perform a specific action for illegitimate reasons.”

ALSO READ: How to spot social media job scams a mile away

Consumers are getting smarter, but scammers also

A study by World Wide Worx shows that online spending in South Africa grew by 23% to R71 billion in 2023. Wandsella says as more consumers become online shoppers, cybercriminals are also getting smarter, using various social engineering techniques to scam them out of their hard-earned money.

“Anyone can be a target, regardless of profession, age or social standing and to combat these scams, the importance of education, vigilance and technological safeguards cannot be overstated.”

Wandsella says these are the most popular tactics:

Social media phishing – an increasing trend has been observed where scammers interact with customers on social media channels, such as Facebook, purporting to be bank employees or employees of your favourite retailer.

They inbox the victim impersonating the bank or retailer in an attempt to assist the victim with support queries and then convince them to share their personal information which can be used to log-into their bank accounts.

They could also obtain private information to conduct a SIM swap on the victims number at their mobile carrier which they use to obtain OTP (One Time PIN) security PINs.

ALSO READ: How the ‘get to know me’ social media challenge could end in tears

WhatsApp phishing – WhatsApp has evolved to be one of the most popular channels for communicating and marketing products which makes it a lucrative channel for fraudsters.

The main tactic scammers use is impersonation, disguising themselves as your bank or your favourite retail store, or a courier company, asking for just one click.

Often cybercriminals will cause excitement with a subject line like “Approve your delivery” or it could be an ambiguous financial phrase like “Payment Advice.” 

It is all an attempt to make you curious enough to click on the attachment or link in the email.

The sender appears to be legitimate, but if you click on the link, the page that opens asks you for personal information including passwords, that fraudsters will then use to access your accounts or commit other fraud. There is also a risk of malware being downloaded on the phone.

Smishing – one of the most popular methods cybercriminals use is text messages to try and trick you into clicking on malicious links, a method known as “Smishing.”

For example, they will send a fake text message that says a package is unable to be delivered to you due to incomplete information or maybe you need to settle a balance for your order to be completed.

The text typically contains a link and a sense of urgency to the message, such as “you must use the link to confirm your delivery information within 12 hours in order to receive your package”.

If you follow the instructions and open the link, you will be taken to a web page that appears to belong to the package carrier or a payment website.

“You will be asked to enter your personal or financial information on the website. However, the website is fake, so entering your personal details will allow cybercriminals to steal this information.

ALSO READ: FSCA warns that scammers are impersonating financial services providers

Vishing – short for “voice phishing”, vishing is a phone-based cyberattack where scammers use the phone as their tool for attack. During a vishing phone call, a scammer may impersonate your bank or the retailer to try and get you to share personal information and financial details, such as bank account numbers and passwords. Vishing is often combined with social media or WhatsApp scams.

Avoid falling victim to phishing, smishing or vishing

Wandsella says your best defence against these tactics includes the strict scrutiny of all communication, especially those containing links related to account details, deliveries or invoices.

” Scrutinising electronic communications and being wary of suspicious links are essential practices that can mean the difference between staying safe online and falling victim to a scam that could result in financial loss, identity theft or compromise of sensitive data.”

He emphasises that you must never give your confidential banking information such as OTPs, bank card PIN, as well as login and PIN for your banking Apps to anyone. The bank will never ask you for this information.