Ever received a phone call claiming they are from Baiduri Bank or any other financial institutions asking for your personal details? Well stop before divulging all your secrets – you may be a victim of social engineering.
Social engineering is a tactic used by scammers to obtain sensitive information from unsuspecting individuals by using you as the “human loophole”.
They use a variety of psychological tactics to instill fear, excitement or urgency to gain your trust and manipulate you into giving up sensitive information.
However, no matter how advanced and secure the technology is to protect your account, the best defense will still be you. You need to recognise signs and red flags for social engineering attacks.
In this article, we'll explore different types of social engineering tactics used over phone calls and offer tips on how to protect yourself.
They use a variety of psychological tactics to instill fear, excitement or urgency to gain your trust and manipulate you into giving up sensitive information.
However, no matter how advanced and secure the technology is to protect your account, the best defense will still be you. You need to recognise signs and red flags for social engineering attacks.
In this article, we'll explore different types of social engineering tactics used over phone calls and offer tips on how to protect yourself.
How Social Engineering Tactics are Used Over Phone Calls
They pose as Banks or Government Agencies
Scammers often pose as representatives of legitimate companies or government agencies and try to convince you to provide your information over the phone. They may claim that there is a problem with your account or that you have been selected for a special offer.
They always have a story
They are masters at crafting the perfect story to obtain sensitive information. Some scammers may pose as someone in a position of authority, such as a bank employee. They may claim that there has been suspicious activity on your account and that they need to verify your identity. However some even pretend to be your friend or colleague who is in need of help or in the middle of an emergency.
They bait you with a free gift or prize
Scammers may offer a free gift or prize in exchange for your personal information. They may claim that you have won a prize or that you are eligible for a special offer or discount but first you need to pay or provide certain personal info.
How Do Social Engineering Attacks Work?
Social engineering attacks are relatively straight-forward. All a hacker needs to do is convince one under-informed, stressed, or trusting person to do what they say.
However, they all follow a similar pattern. The four phases of a social engineering attack are:
1. Recognition
Here, the attacker gathers information about you. This can include anything from your social media profiles, things you post and so on. The goal is to identify potential vulnerabilities and find ways to exploit them. The more they know about you, the more likely are you to lower down your guard.
2. Target & Attack
Once the attacker has gathered enough information, they move on to the targeting phase. This is where they select their victim and craft a convincing story that will lure you into giving up your personal information. The story may involve a fake emergency, a plausible reason for needing the information, sometimes creating a sense of urgency or fear or a promise of a reward or benefit.
They may pose as a trusted authority figure, from banks, or government agencies, or even friends or family. The goal is to get the victim to again, lower their guard and provide the requested information.
3. Exploit
Finally, in the exploitation phase, the attacker uses the information they've gathered to carry out their malicious activities.
This may involve transferring out large sums of money, making fraudulent purchases, or even stealing the victim's identity.
4. Retreat
As soon as criminals complete their mission, they’ll vanish with as little evidence as possible. Sometimes, you won’t even know what’s happened until they’re long gone.
However, they all follow a similar pattern. The four phases of a social engineering attack are:
1. Recognition
Here, the attacker gathers information about you. This can include anything from your social media profiles, things you post and so on. The goal is to identify potential vulnerabilities and find ways to exploit them. The more they know about you, the more likely are you to lower down your guard.
2. Target & Attack
Once the attacker has gathered enough information, they move on to the targeting phase. This is where they select their victim and craft a convincing story that will lure you into giving up your personal information. The story may involve a fake emergency, a plausible reason for needing the information, sometimes creating a sense of urgency or fear or a promise of a reward or benefit.
They may pose as a trusted authority figure, from banks, or government agencies, or even friends or family. The goal is to get the victim to again, lower their guard and provide the requested information.
3. Exploit
Finally, in the exploitation phase, the attacker uses the information they've gathered to carry out their malicious activities.
This may involve transferring out large sums of money, making fraudulent purchases, or even stealing the victim's identity.
4. Retreat
As soon as criminals complete their mission, they’ll vanish with as little evidence as possible. Sometimes, you won’t even know what’s happened until they’re long gone.
Tips on How to Protect Yourself
Be Cautious of Unsolicited Phone Calls
If you receive a phone call from someone you don't know, be cautious. Don't provide personal information unless you are absolutely sure that the call is legitimate. If you have any doubts, hang up and call the company or agency directly to verify the call.
Never Share Personal Information
Never share personal information over the phone unless you are absolutely sure that the caller is legitimate. This includes credit card numbers, IC or passport numbers, addresses and other personal information.
Verify the Identity of the Caller
If someone claims to be a representative of a company or agency, ask for their name and employee ID number. Call the company or agency directly to verify the information before providing any personal information.
Stay Informed
Stay informed about the latest social engineering tactics used by scammers. Read up on the latest news and updates, and be aware of the different types of scams that are out there.
Conclusion
Social engineering scams over phone calls are on the rise, and it's important to protect yourself from these types of attacks.
Stay vigilant and stay safe.
Stay vigilant and stay safe.
PUBLIC NOTICES
Secure Online Payments With Baiduri UnionPay Debit Cards.
