Welcome to Kokan Mercantile Co. Op. Bank Ltd.

CYBERSECURITY

Centre of Excellence
Innovating and Securing Digital Landscape


Social engineering is the term used for a broad range of malicious activities accomplished through psychological manipulation of users, tricking them into making security mistakes or giving away sensitive information. Phishing, vishing, tailgating and spear phishing are some examples of social engineering.
Fraudsters use various techniques to play on a victim’s greed or curiosity and lure them into a trap to steal information or plant malware. Baiting can be done using physical media or online.
Modus Operandi :
  • Physical baiting is typically carried out using malware-infected pen drives, which fraudsters place in strategic areas where potential victims are certain to see them. The bait has an authentic look. Victims pick up the bait out of curiosity or greed and insert it into a computer/mobile, resulting in automatic installation of malware on the system.
  • Online forms of baiting consist of enticing ads that lead to malicious sites or that encourage users to download a malware-infected application.

    Precautions to be taken :
  • The most effective preventive method against a baiting attack is awareness.
  • Don’t click on links given in advertisements or from untrusted sources.
  • Don’t connect any unknown storage media to your system; if it is required, scan / format it before connecting it to the system.
  • Use anti-malware software on computers/mobiles.
  • Disable the autorun feature for pen drives.
  • Scareware is a type of malware tactic used to manipulate victims into downloading or buying potentially malware-infested software.
    Modus Operandi :
  • Scareware involves victims being bombarded with false alarms and fictitious threats. Users are deceived into thinking their system is infected with malware, prompting them to install software that has no real benefit (other than for the perpetrator) or is malware itself.
  • Scareware is also referred to as deception software, rogue scanner software and fraudware.

    Precautions to be taken :
  • Never click on malware notifications popping up in browser.
  • Keep your browser updated.
  • Avoid/stop accidental downloads by cancelling the process if clicked.
  • Always use genuine antivirus software.
  • Pretexting is an attack in which the attacker creates a scenario to try and convince the victim to give up valuable information, such as a password.
    Modus Operandi :

    The attacker usually starts by establishing trust with their victim by impersonating co-workers, police, bank and tax officials, or other persons who have right-to-know authority. The pretexter asks questions that are ostensibly required to confirm the victim’s identity, through which they gather important personal data.

    Precautions to be taken :
  • Never share sensitive information by email, phone, or text message.
  • Think whether and why someone really needs the information requested from you.
  • Verify requests for valuable information by going directly to a company or source through a different means of communication.
  • Phishing scams are email and text message campaigns aimed at creating a sense of urgency, curiosity or fear in victims. They then prod victims into revealing sensitive information, clicking on links to malicious websites, or opening attachments that contain malware.
    Modus Operandi :
  • Fraudsters can create third-party websites that look similar to genuine websites, such as bank or e-commerce websites.
  • Links are circulated through Email/SMS/Social Media.
  • Unsuspecting
  • These credentials are then captured by Fraudsters and misused.

    Precautions to be taken :
  • Never click on unknown links.
  • Delete such emails/SMS immediately to avoid accessing them in future.
  • Verify the website, especially when there is a requirement to enter financial or secure credentials or personally identifiable information.
  • Spear phishing is a type of phishing campaign that targets a specific person or group and often will include information known to be of interest to the target, such as current events or financial documents.
    Modus Operandi :
    A spear phishing attack involves the use of email containing specific information about the target individual, such as name, designation, address etc. These social engineering techniques convince the victim to follow the instructions given in the mail, as required by the fraudster for infecting the system or stealing data.
    Precautions to be taken :
  • Avoid clicking any link in mail.
  • Always check the details of sender.
  • Secure your personal information.
  • Keep your system security up to date.
  • Vishing is a cybercrime that uses the phone to steal personal confidential information from victims. Often referred to as voice phishing, cyber criminals use savvy social engineering tactics to convince victims to act, giving up private information and access to bank accounts.
    Modus Operandi :
    Fraudsters contact customers through telephone calls posing as bankers/insurance agents/government officials, etc., and ask them to confirm credentials by sharing details such as name, date of birth etc., to gain confidence.
    Precautions to be taken :
  • Bank officials never ask customers to share confidential information such as PIN, CVV, OTP, password or card details.
  • Never share any secure credential over phone.
  • A smishing text is a text message sent to your phone worded in a way that makes you feel comfortable sharing personal information.
    Modus Operandi :
    Fraudsters send SMS posing as bankers / insurance agents / government officials, etc., and ask you to confirm credentials by sharing details such as name, date of birth etc. to gain confidence.
    Precautions to be taken :
  • Avoid clicking on links received in SMS.
  • Bank officials never ask customers to share confidential information such as PIN, CVV, OTP, password or card details.
  • SIM Swap means the process of replacing an existing SIM with a new one or moving the existing SIM to the new SIM.
    Modus Operandi :
    Fraudsters gain access to the SIM card or obtain a duplicate SIM card for carrying out digital transactions using the OTP received on such duplicate SIM.
    Precautions to be taken :
  • Never share credentials related to your SIM card.
  • Lock your biometrics using My Aadhaar App or UIDAI Website, or by sending an SMS to 1947 in the prescribed format, to prevent unauthorised EKYC.
  • Be cautious if you are not getting mobile network on your phone for a considerable time. Contact your mobile operator immediately to ensure that no duplicate SIM is being issued for your SIM.
  • Juice jacking is a type of cyber attack which uses corrupt mobile charging stations to infect phones and tablets that use the same cable for charging and data transfer (such as a USB cable).
    Modus Operandi :
    A mobile charging port can also be used for transfer of files.
  • Juice jacking is a type of cyber fraud where, once your mobile is connected to an unknown / unverified charging port, malicious software is installed and fraudsters can access your sensitive data and misuse it.

    Precautions to be taken :
  • Always avoid using public unknown charging ports or cables.
  • Always use your own power bank or charging USB cable for charging your phone.
  • Lottery fraud is an online fraud intended to rob you of your hard-earned money by deceiving you into believing that you have won a lottery.
    Modus Operandi :
  • Fraudsters send an email or make a phone call informing you that you have won a huge lottery.
  • To receive the amount, fraudsters ask the victim to confirm his/her identity by verifying through bank account / credit card on their website, from which the data is captured by fraudsters.
  • Since the requested money is a very small percentage of the lottery / prize, the victim falls into the trap of the fraudster and makes the payment.

    Precautions to be taken :
  • Never make payments or share secure credentials for lottery calls / emails.
  • Always be suspicious when you come across such unbelievable lottery or offers.
  • Job fraud is a sophisticated fraud, offering fictitious job opportunities to job seekers. This type of fraud is normally done through online services such as bogus websites, or through unsolicited e-mails claiming to be from known companies or brands.
    Modus Operandi :
  • Fraudsters create fake job portals and lure victims to enter their sensitive information for registration. On entering the details, the account is compromised.
  • Fraudsters also pose as officials of a reputed company, confirm selection after conducting fake interviews and request money in lieu of it.

    Precautions to be taken :
  • Genuine company offering job will never ask for money.
  • Never make payments on unknown job portals.
  • A fraud or fake app is an app that’s created to mirror a legitimate app available in the App Store or Play Store. The scammers’ goal is to create an app that people will mistake for the actual popular app and download to their phones.
    Modus Operandi :
  • Fraudulent links for such applications are shared through E-mail/SMS/social media etc.
  • Once the malicious application is downloaded, the fraudster can gain access to the device.

    Precautions to be taken :
  • Never download applications from unverified / unknown sources.
  • Always download from Google Play Store or Apple App Store only.
  • Don’t download apps which are not necessary.
  • Read the reviews and rating of an app before downloading.
  • Check the number of downloads for the app before downloading. Only apps with a large number of downloads should be downloaded.
  • Social Media frauds – Online fraud appears in many forms. It ranges from email spam to online scams.
    Modus Operandi :
  • Fraudsters create fake accounts on popular social media platforms like Facebook, Instagram etc.
  • Fraudsters also gain trust over a period of time and can use your personal information for blackmailing.

    Precautions to be taken :
  • Do not make online payments to unknown persons.
  • Never share personal and confidential information on social media platforms.
  • Do your due diligence before accepting a friend request.
  • A one-time password (OTP), also known as a one-time PIN, is a password that is valid for only one login session or transaction, on a computer system or other digital device.
    Modus Operandi :
  • Fraudsters lure victims through various social engineering techniques.
  • The fraudster calls the victim, convinces them to share the OTP received on their mobile and carries out an unauthorised transfer/transaction in the account.

    Precautions to be taken :
  • Never share OTP/PIN Numbers/Personal Sensitive information in any form to anyone.
  • Always keep a tab on SMS/Emails to ensure that no OTP is generated without your knowledge.







    Harbour Crest, Mazgaon T.T., Mumbai - 400 010.

    +91-22 2372 3753, 2372 9969, 2637 9971, 2373 4202, 2373 4311
