Social engineering 101

Cybercrime is still a huge security problem as we continue to work, shop, and play online. Many of us use the latest software to protect our devices and regularly update our passwords as more information becomes available on the dangers of cybercrimes. So, fraudsters have to find more creative ways to hook us online. Simply hacking into a phone or an online store is not enough anymore. Criminals have found ways to gain our trust online and get us to 'voluntarily' share our personal information with them.

This is called 'social engineering', and it covers a variety of methods criminals use to obtain a victim's personal details (such as an ID number, username, password, or bank account details) in order to access the victim's accounts fraudulently.

So, why social engineering?

Some fraudsters resort to sneaky methods of gaining your details because it's easier to get you to trust them than it is to break into your computer or personal accounts. Think about it… what's easier: getting someone to SMS, email, or tell you their password on the phone, or hacking into their email account to find their passwords?


Methods of social engineering

Cybercriminals have several ways of getting you to share your details with them. Let's take a look at a few methods they typically use and that you should be aware of.


  1. Baiting
    As the name suggests, 'baiting' involves luring in a victim with a tempting offer for goods or services. This could come in an email, for example, with a tempting offer for a gift card or a link to download music or movies for free. Often, clicking on these links downloads malware onto your device or causes you to share information with the attacker, who uses it to their advantage and to your detriment.
  2. Phishing
    'Phishing' refers to a set of attacks that are, in most cases, carried out over email. The email in question often appears to be from a reliable sender – a store you've shopped at, a charity organisation, or even someone you know – and contains an urgent request which can’t be met without your personal details. Because the email appears to come from a legitimate organisation, the victim feels confident enough to share their own details. Other forms of this attack take place through SMS (smishing) and on the phone (vishing).
  3. Scareware
    Have you ever seen those little pop-ups on websites that warn you that your anti-virus software is out of date? Well, do NOT click on them! Doing so will more than likely download malicious software onto your device or trick you into buying software that could harm your device or give fraudsters access to your details.


Don't be the next victim!
Follow these tips to bank, shop, and play online safely.


  1. Pause
    Slow down! Remember, criminals thrive on the sense of urgency with which we use social media, apps, and websites. It helps to take a few minutes to scan an email, SMS, or website that you've landed on before entering your credit card details or clicking on a link.
  2. Delete
    If you're not sure if the email or SMS you've received is trustworthy, rather delete the communication immediately.
  3. Ignore pleas for help
    Remember, any form of communication, whether an email, SMS, or phone call, that seems very urgent is a red flag. It’s best to hang up the phone, or delete the email or text.
  4. Never share your personal information
    This goes without saying, but seriously, don't share things like your ID number, address, bank account number, tax number, or contact details with strangers online.
  5. Secure your accounts and devices
    Believe it or not, creating strong passwords goes a long way in protecting your accounts. You might also want to consider updating your security software on all of your devices regularly.
