A type of confidence trick, social engineering is the use of deceit to manipulate or trick victims into certain actions including divulging personal or financial information. Examples include phishing emails and fraudulent phone calls asking for personal or financial information - known as vishing (voice phishing) - or phone calls from fraudsters impersonating computer technical support agents.
According to official data, approximately 23% of people in the UK have received a cold call requesting personal or financial information, potentially putting them at risk of becoming a victim. Social engineering exploits human nature and plays on victims’ emotions such as protecting themselves, their family and finances, gaining something of advantage or willingness to please others. It is a factor in many types of fraud.
Alasdair MacFarlane, Head of Customer Security at RBS, said: “RBS are committed to providing safe and secure banking alongside an excellent level of customer service. Fraudsters are always looking for new ways to gain access to money which is why we offer our customers a Secure Banking Promise, as well as lots of advice on our website to help them avoid falling victim to a scam. We're delighted to be working with Get Safe Online in raising awareness on this important issue.”
Getsafeonline.org and rbs.co.uk/security both offer a number of tips on avoiding becoming a victim of social engineering:
- Always be wary of people requesting confidential or personal information by whatever means, however convincing they may
- Never reveal personal or financial data including usernames, passwords, PINs or other forms of ID
- Be very careful that people or organisations to whom you are supplying payment card information are genuine, and then never reveal passwords. Remember that RBS will never ask you for your password via email or a phone call
- If you receive a phone call requesting confidential information, verify it is authentic by asking for a full and correct spelling of the person’s name and a call back number
- Check the number matches the contact number on the relevant website. Even then, the criminal may have used special software to display the authentic number
- If you are asked by a caller to end the call and phone your bank or card provider, call the number on your bank statement or other document from your bank – or on the back of your card. However, be sure to use another phone from the one you received the call on to ensure that a fraudster is not on the line by having kept the call open. If you cannot access another phone, be sure to hang up for at least five minutes before you dial out, or call a friend (whose voice you recognise) before making another call
- Do not open email attachments from unknown sources