Social engineering

To obtain confidential information, criminals often abuse the good faith, helpfulness or insecurity of their victims. Whether this involves fictitious telephone calls, fake policemen or phishing - the target of social engineering attacks is always a human being. The best protection is a “healthy dose of suspicion”.

Protect yourself against social engineering attacks by...

  • disclosing as little information about yourself as possible. On social networks in particular, you should only ever divulge information very sparingly.
  • never letting anybody else know your passwords or TAN codes - not even system administrators or your boss. A password belongs to you, and you alone!
  • being wary when receiving requests by e-mail or telephone. Even e-mails from known senders and telephone calls received from familiar telephone numbers can be fake!

Social engineering attacks aim to elicit personal or confidential information (for instance access data, passwords, etc.) from you and then use it illicitly.

As a first step, criminals try to collect as much information about their victim as possible, because this information makes it easier to mislead them. It allows fraudsters, for instance, to pretend to be someone you know.

The ideal means of obtaining information is the Internet. Social networks in particular, such as Facebook, Xing, Instagram etc., contain a great many personal details. Based on such data, attackers can address someone specifically. Thanks to the information collected, they then seem trustworthy.

How can you effectively protect yourself?

Unfortunately, there are no technical measures that protect against social engineering attacks. Since attackers specifically exploit human characteristics such as helpfulness, insecurity, good faith and basic trust in others, it is very difficult to discover and fend off a social engineering attack.

Generally, the only protection is a “healthy dose of suspicion” towards strangers - but also towards people you (seemingly) know. It is also often helpful to scrutinise the information you disclose about yourself, and to whom you disclose it.

In case of suspicion, notify your financial institution

If anything seems suspicious with regard to your e-banking, don’t divulge anything, and notify your financial institution as soon as you can. The contact details can be found here.

Social engineering examples

  • Someone pretends to be an engineer (for instance working for a communication company, an electricity provider, etc.) and tries to gain access to your house or company this way.
  • You receive an e-mail asking you to click on a link and then log in, or to disclose some personal details.
  • Someone calls you on the telephone and would like to ask you certain questions for a survey (for instance as to how much you earn, about security measures on your computer, etc.).
  • An attacker fakes the e-mail sender address and in this way pretends to be someone you know (potentially with an attachment containing malware).
  • At work, you are approached by someone purporting to be an IT employee who claims to need to carry out some maintenance tasks on your computer.
  • Some social engineering attacks even involve people specifically applying for a vacancy in a company in order to steal specific information.

Social engineering is a widespread method of snooping on confidential information. It always targets humans. There are no technical protection measures to prevent it. The only measure to take is therefore to apply a healthy dose of suspicion.
