
What is social engineering and how does it work?

In the context of IT security, social engineering means the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes. While systems become progressively more secure, humans unfortunately remain vulnerable to manipulation. This is because criminals can take advantage of people’s emotions to persuade them to provide personal or other sensitive information that they would not usually share.

How does social engineering work?

Scammers exploit human emotions such as curiosity, fear and greed to make people take actions they would normally avoid. A social engineering attack can take place in the real world as much as in the digital one, but it is always designed to make the victim share information or download malicious software.

One of the most common tactics used is baiting. This happens when the target of an attack is tempted into downloading malware or sharing information with the promise of a reward or exclusive access to specific information. Baiting happens in the real world with, for example, USB devices left in conspicuous public places. These end up being picked up by curious individuals who cannot resist the temptation to open them on their own devices to see what content they contain. More commonly, baiting happens through email or on the internet with, for example, messages telling the user that they have won a prize or been selected for some award and asking them for personal details, or to access a link, to ‘complete’ the process. If you unexpectedly receive a message claiming that you have won something or making an offer that seems too good to be true, treat it with extreme caution.

Another very common form of social engineering is phishing. Phishing normally happens via email, although it can also occur by SMS (smishing) or voice call (vishing). A phishing attack normally plays on fear rather than curiosity or greed. It uses a sense of urgency or the threat of negative consequences to push the user into sharing information or downloading malicious files. These attacks typically take the form of telling a user that an account has been compromised and that details are needed ‘immediately’ to rectify the situation. The threat of a phishing attack can be minimised by ensuring you have adequate anti-virus software installed on your devices and by taking a few precautionary steps, such as checking the email addresses of senders and the URLs included in messages. Also, keep in mind that legitimate communications from organisations should be addressed to you personally and should never make you feel that you must share sensitive information under pressure. When in doubt, always contact the organisation through a known safe channel.
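The two checks this paragraph recommends, looking at the sender's real address and at where each link actually points, can be applied mechanically to a message you have already received. The script below is an added example written for this article; it is not MeDirect's code or tooling. It assumes that medirect.com.mt is the only domain the organisation writes from, and both messages it inspects are constructed samples, not real phishing mail.

```python
"""Flag common phishing red flags in a raw email: spoofed display name,
mismatched Reply-To, link text that does not match the link target,
links to untrusted sites and pressure language. Added example; the
messages below are constructed, not real samples."""
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the only domain the organisation sends mail from.
TRUSTED_DOMAINS = {"medirect.com.mt"}
URGENCY_WORDS = ("immediately", "urgent", "within 24 hours", "suspended")

# Constructed phishing-style message (not a real sample).
SAMPLE = """\
From: MeDirect Security <alerts@medirect-verify.example>
Reply-To: support@mail-collector.example
To: customer@example.org
Subject: Your account has been compromised
Content-Type: text/html; charset=utf-8

<html><body><p>Your account has been compromised. Confirm your details
immediately at <a href="https://secure-login.example/verify">www.medirect.com.mt/login</a>
or <a href="https://secure-login.example/help">click here</a>.</p></body></html>
"""

# Constructed legitimate message, to show the checks do not fire on it.
CLEAN = """\
From: MeDirect <news@medirect.com.mt>
To: customer@example.org
Subject: Monthly statement available
Content-Type: text/html; charset=utf-8

<html><body><p>Your statement is ready at <a href="https://www.medirect.com.mt/">medirect.com.mt</a>.</p></body></html>
"""


class _LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs from every <a> tag in the body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def domain_of(value):
    """Lowercase host part of an email address, URL or bare 'host/path' string."""
    if "@" in value and "://" not in value:
        return value.rsplit("@", 1)[1].lower()
    if "://" not in value:
        value = "http://" + value
    return (urlparse(value).hostname or "").lower()


def same_site(a, b):
    """True when one host equals the other or is a subdomain of it."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def is_trusted(host):
    return any(same_site(host, d) for d in TRUSTED_DOMAINS)


def _body_text(msg):
    """Return the first text part of the message as a string."""
    for part in (msg.walk() if msg.is_multipart() else [msg]):
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True)
            return raw.decode(part.get_content_charset() or "utf-8", "replace")
    return ""


def check_message(raw):
    """Return a list of human-readable red flags found in a raw message."""
    msg = message_from_string(raw)
    flags = []
    name, addr = parseaddr(msg.get("From", ""))
    sender_domain = domain_of(addr)
    # 1. Display name claims the brand, but the real address is elsewhere.
    brand_claimed = any(d.split(".")[0] in name.lower() for d in TRUSTED_DOMAINS)
    if brand_claimed and not is_trusted(sender_domain):
        flags.append(f"display name '{name}' but sender domain '{sender_domain}'")
    # 2. Replies are routed to a different domain than the sender.
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and domain_of(reply_to) != sender_domain:
        flags.append(f"Reply-To domain '{domain_of(reply_to)}' differs from sender")
    # 3. Visible link text names one site while the href goes to another.
    body = _body_text(msg)
    collector = _LinkCollector()
    collector.feed(body)
    for text, href in collector.links:
        shown, actual = (domain_of(text) if "." in text else ""), domain_of(href)
        if shown and not same_site(shown, actual):
            flags.append(f"link text shows '{shown}' but points to '{actual}'")
        elif not is_trusted(actual):
            flags.append(f"link to untrusted domain '{actual}'")
    # 4. Pressure language typical of phishing.
    hits = [w for w in URGENCY_WORDS if w in body.lower()]
    if hits:
        flags.append("urgency language: " + ", ".join(hits))
    return flags


if __name__ == "__main__":
    for flag in check_message(SAMPLE):
        print("-", flag)
```

Running it on the constructed sample reports five findings (the spoofed display name, the foreign Reply-To, the link whose text says medirect.com.mt but whose target is elsewhere, a second link to an untrusted site, and the word “immediately”), and nothing on the clean message. The point of the link check is that what the mail client shows you and where the link really goes are two different things, and only the latter matters.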

A more sophisticated form of phishing is called spear phishing. This normally targets senior management or officials within an organisation who have access to sensitive or privileged information. In these cases, attackers spend much more time investigating their target to craft messages that include highly specific details or that appear to be sent from key individuals, which makes them much harder to detect as malicious. Spear phishing attacks require far more research and effort from hackers and can evolve over months as they build up the trust and confidence of their target. However, the potential rewards of compromising the accounts of high-value targets make spear phishing an attractive proposition for criminals.

Fear and pressure are also used in a tactic known as scareware. This tactic sees scammers bombard the user with messages while they are browsing the internet telling them that their device has been infected by malware and pushing them to click on a link to download some software to scan or clean their device. Of course, the software installed is of no benefit to the user, only to the scammer.

Stop and think!

Bad actors will always exist, and attempts to gain access to your personal information or accounts are inevitable. That said, you can significantly reduce the risk, not only by installing the appropriate software on your devices and keeping it up to date, but also by being cautious and asking yourself some simple questions: Is this offer too good to be true? Was I expecting this organisation to contact me this way? Do I feel under pressure to take a decision? These questions will help you to spot potential social engineering attacks. Stop and think before you click.

Finally, if you receive a message that claims to be from MeDirect but you are not sure of its authenticity please contact us immediately on (+356) 2557 4400. The information you provide will be used to help reduce financial fraud.
