Social Engineering Fraud

  • CERT Admin
  • Thu Sep 28 2017
  • Cyber Guardian Blog

 VOLUME 74 

  


‘Social engineering fraud’ is a scam used by hackers or fraudsters to manipulate their victims into giving out confidential information and funds. They may exploit a person’s trust to find out their banking details, passwords or other personal data. This can happen in so many ways and some of these techniques are explained in this article, 

  

Email scams 

  


There can be two types of Email scams. 

One of these is called Pretexting which is used to target a specific victim in order to get their personal information such as account numbers or passwords. Some of the similar scenarios are when the attackers impersonate the bank managers and send Emails to their clients with the intention of gaining their trust as the bank to get the bank account information. 

Phishing is another type of scam which can be done using an Email. This email might act as an email from a legitimate organization involving in an online transaction business but although it looks as if it can be trusted it might not be. 

  

Ransomware 

  


Ransomware is a type of malware that locks users from accessing their data in their computer or any mobile device. In order to unlock their data, the users must pay a certain amount of ransom, this is mainly done by the payment method which uses Bitcoin. Although paying is an option for recovering your data, we do not recommend payment because there is no guarantee the attackers will keep their promise. 

Hackers targets to install malicious software on their computer that will encrypts all their data. But the victim might not be able access since hacker has locked them, and the software then also explains that the computer is now locked and demands a ransom before the hacker will unlock the computer for you. Victims are directed to a particular site or to call one particular number, and blackmailing the victims for money. Payments are demanded by credit card, bank transfer, a money transfer service. But sometime the hacker will not unlock the computer even though the hacker has received the money which was demanded, so finally they will have both your money and your data which will harm you. 

  

Manager Fraud 

Fraudsters might want to gather information of company employers or employees through the internet to use them for an illegal activity. These fraudsters might specifically target employees who handle sensitive or fund information in the company. This collected information can be used to damage the reputation of the company, employer or employees and other damages such as transfer of funds to another bank account for their benefit. 

  


Sweepstakes or lotteries 

If you get a message to your computing device as ‘Congratulations, you are the grand prize winner! To claim your prize, all you need to do is pay a processing fee.’ It is not recommended to pay the requested fee as this might only be a trick to get your bank account details or the fee, the victim might never get the prize. This is a very common form of a social engineering technique used to get the trust of the internet users. 

  

  

By:

Minoza Mohamed 

Minoza is an undergraduate of Sri Lanka Institute of Information Technology who is currently following BSc(Hons) IT Specializing Information Technology. Currently he is working as Intern - Information Security Engineer at Sri Lanka CERT|CC 

   

Last updated: Thu Sep 28 2017