Online safety

Social engineering

Social engineering means stealing information without using technical hacking methods. It is a form of cyber crime and relies on human interaction and tricking people into breaking normal security procedures.

It is a targeted type of scam where fraudsters manipulate their victims into sharing confidential information, through, for example:

  • fake emails
  • phone calls
  • texts or
  • posts.

It frequently involves piecing together information from various sources such as social media and intercepted correspondence to appear convincing and trustworthy. Fraudsters use these personal details to steal people’s money or identity.

The often complex nature of the attack makes it extremely difficult to spot a scam before it is too late and figures from the National Fraud Intelligence Bureau show incidents of social engineering have risen by 21% in one year - it is one of the greatest threats faced by individuals and organisations

To stop more people falling victim to social engineering, the Get Safe Online campaign is urging people to ‘Think Twice Before You Act’.

  • Never give out personal or financial data such as, usernames, passwords, PINs, ID numbers or memorable phrases.
  • Be careful with the people/organisations you supply confidential information to are genuine.
  • If in doubt, cut the call and phone your bank or card provider (using the number on your bank statement) – but use another phone or wait at least five minutes in case the line has been left open.
  • Don’t open attachments or click on links in emails from unknown sources – they could contain malware. Delete them, and report the details if appropriate.
  • If you get an email from someone you know, but it seems unusual, double check the email address – the sender may be a fraudster who’s spoofed the address. If in doubt, call (not email) the person to check.
  • Don’t attach external storage devices like USB sticks, hard drives, CD-ROMs/DVD-ROMs if you’re uncertain of the source – they may contain malware.
  • If you have been a victim of fraud or spot irregular activity on your account, contact your bank straight away.
  • Report any fraud to Action Fraud or by calling 0300 123 20 40.
  • Also report fraud to any website or ISP (internet service provider) where you’ve been defrauded. This applies however large or small the amount: it could protect others - the proceeds of fraud are often used to fund terrorism and human trafficking.

For more detailed tips to avoid online and phone scams and identify theft visit the Get Safe online website.