The Risks of Social Engineering

The Risks of Social Engineering

According to the latest figures, Facebook—the world’s most popular social network—has 1.51 billion active mobile users. For fraudsters and cyber thieves, this is a huge market for potential social engineering fraud.

Internet security firm BullGuard defines social engineering as “the use of deception and manipulation to obtain confidential information. It is a non-technical kind of intrusion that relies heavily on human interaction and often involves tricking people into breaking normal security procedures.” Fraudsters who use this technique rely on people remaining unaware of the value of the information they possess, meaning they can be careless about protecting it.

Online social networking sites often collate data on individuals or encourage users to share personal information which can be used for fraudulent purposes. Criminal gangs and fraudsters are able to quickly build a profile of an individual—using only a mobile phone and online information—to bypass security protocols and gain access to personal details such as email addresses and bank accounts.

The latest statistics from CIFAS—the UK’s fraud prevention service—suggests that the number of victims of identity theft has increased by 57% in the last year. The 2016 research indicated there were approximately 148,000 victims who had their identity stolen by thieves using social engineering and the victim’s social media profiles to steal personal information. With 85% of all reported identity thefts occurring online, people need to be made aware of the dangers that exist by using their mobile phone to share private information.

Tony Neate, CEO of Get Safe Online says, “Social engineering is becoming ever more targeted and personal, which is why it is no surprise that the number of cases is on the rise. What is worrying, however, is the complex nature of these scams and how they tap perfectly into feelings that make us panic – if we get an email purporting to come from someone we trust (such as our bank) about something that is emotive to us all (money) and then demand that we act urgently, it is almost like the perfect storm. We would encourage people to think twice before they act and not to let panic override common sense.”

The UK government’s Fraud Costs Measurement Committee (FCMC) reports that fraudulent activity costs the UK economy £193 million a year, equating to more than £6,000 per second.  With mobile phones and social media networks now playing a more integral part in everyday life, the scope for frauds like social engineering is increasing rapidly—at a severe cost.

As Chris Greany, Commander from the City of London Police highlights, “Social engineering is increasingly being used by criminals to prey on people’s personal and financial information. Fraudsters are using ever more sophisticated methods to gain personal information and these types of attempts have often left victims penniless.”

Mobile phones are not just gateways for criminals to access information—in certain situations the phones themselves are the cause of the problem. Those smartphone users who use Wi-Fi on the move are vulnerable to attacks from fraudsters who can use the information the device provides to commit crime. For instance, if a smartphone user has Wi-Fi enabled and comes into the range of a hotspot set up by fraudsters, then the device (and the users location) is logged, allowing criminals to know exactly where users are—or more importantly, where they are not. Many of the latest smartphones are pre-programmed to automatically detect Wi-Fi hotspots and any information that subsequently passes through the gateway could be stolen. This often includes credit card information and bank details.

Andy Gent, CEO of Revector—an award-winning mobile anti-fraud and revenue protection company— warns,The existing techniques of using social engineering over the phone and through email are already very dangerous but when you add in some of the technology that is becoming commonly available—such as Wi-Fi interceptors and low-cost IMSI grabbers – it can increase the level of intrusion and information engineering significantly.”

As technology continues to advance, the way in which fraudsters use it to target vulnerable individuals evolves too. Mobile security extends beyond the physical device and users need to be aware that everything they put online and the way in which they use their mobile device could be used against them.

Editorial credit: Rawpixel.com / Shutterstock.com

The Risks of Social Engineering