Understanding social engineering fraud
On an almost daily basis, organizations face evolving financial crime threats as attackers attempt to disarm and exploit credit unions, employees and members. One fraud technique becoming even more prevalent among financial institutions is social engineering, in which a fraudster uses persuasive conversation to deceive employees and members into performing compromising actions or sharing confidential information.
Security is on the Line
In many cases, fraudsters use psychological techniques to manipulate their targets. The perpetrator may misrepresent their identity – often impersonating an authority figure – to establish trust with the unsuspecting individual. Often, this deception starts with a phone call.
As a former colleague often said: “You can’t see a badge over the phone.” In other words, do not trust someone’s stated identity without proper verification. Social engineers routinely claim to be members of the IRS or FBI, or representatives of the victim’s employer or bank. Fraudsters even masquerade as credit union members to manipulate employees into bypassing authorization controls.
Unfortunately, a common refrain among fraud victims is, “My phone’s caller ID said it was from my bank.” Bad actors often program caller ID systems to display the name of a recognizable individual or organization. This spoofing tactic ups the odds that a target will accept the call and trust the fraudster.
Persuasion Spans Platforms
The tried-and-true telephone remains a powerful tool for criminals who want to feign identities, steal sensitive information and loot bank accounts. However, social engineers take advantage of additional attack vectors enabled by new technologies. With the proliferation of internet-based tools in our personal and professional lives, fraudsters now target victims across various channels. Social engineering extends to social media and professional networking websites – exploiting users’ willingness to connect with unknown individuals.
Through fake profiles, criminals attempt to connect and ingratiate themselves with targets who are eager to network. These fraudsters establish rapport and extract valuable personal or employer information from their unknowing victims. Given these platforms’ social engineering risks, business networking and information-sharing protocols should be a defined part of your organization’s social media policy.
A Persistent Threat
Across communication channels, criminals employ social engineering tactics in tandem with other types of fraud, including hacking, phishing, malware and spoofing. Virtually everyone has received these fraudulent calls, texts, emails and social media messages. Even if only a small portion of targets falls for the social engineer’s tactics, the stolen information generates significant profits. The fraudster benefits from this cycle, while the impacted organizations and individuals face devastating consequences.
As the battle against social engineering continues, proactively equip your organization, employees and members with fraud prevention tools and training. Resources and white papers from trusted industry partners like PSCU can help make sure your credit union is well equipped to not only combat, but also ideally stop fraudsters in their tracks. Awareness is key to blocking social engineering attempts and defending confidential information and account access.