Friend or foe? All you need to know about Social Engineering and how to stay alert to potential attacks.

Summary

  • Understand how technological innovations like ChatGPT can be misused by scammers, and why SMEs may be more vulnerable to increasingly sophisticated social engineering attacks.
  • Learn the common types of social engineering scams – including Phishing, Business Email Compromise (BEC), and Baiting – and how scammers manipulate digital communication channels to deceive businesses.
  • Equip yourself and your employees with simple, cost-effective preventive measures to strengthen your company’s defence against cyber threats and protect sensitive business information.

The rise of technological innovations such as ChatGPT is an example of how technology can improve lives. Already, many have shared tips on using the AI-powered chatbot to increase productivity or get them out of a tight spot – think distilling the latest news into key points that can be used at a networking event. The same technology can also ruin lives. Scammers can send out well-crafted messages with ChatGPT’s help, making it harder to tell a legitimate request from a phishing scam, which is typically identifiable by poor grammar or misspellings.

Unlike multinational companies that have a dedicated team looking after the organisation’s information and cyber security needs, SMEs typically have neither the subject matter experts nor the sophisticated systems, and thus may be more vulnerable to cyberattacks. One simple, cost-effective and easily implemented way to prevent a cyberattack is education. Through this educational series on protecting your business against scams, we condense key information that you can use to educate your employees. Let’s start off with Social Engineering!

What is Social Engineering?

Scams in which fraudsters impersonate officials from Singapore Government agencies, legitimate companies or banks that SMEs typically interact with are just some of the common impersonation scams that happened in the last two years. These are examples of scammers using social engineering tactics to deceive or manipulate you into divulging confidential personal or company information.

How does Social Engineering work?

These days, day-to-day work communication is done mostly through digital channels such as business messaging applications, emails and social platforms, whether on a corporate or personal mobile phone, laptop or tablet.

Scammers assume the identities of authorities or corporate officials and use these accessible communication modes to reach out to their victims. They may also seek to build rapport by revealing publicly available information such as your name, mobile number, and even your company and colleagues’ names to prove that they are real, thereby lowering your psychological defences.

What are the common types of Social Engineering attacks?

1. Phishing
This is the most common and simple type of attack targeted at individuals, where scammers disguise themselves as a trusted authority to trick you into revealing sensitive information. Some common red flags to spot phishing include receiving unsolicited requests that do not correspond with the initiator’s company. Such requests will usually ask you to complete a payment or to download third-party software or an attachment laced with malware, or will try to obtain sensitive credentials like your company’s login details, through social media messaging platforms (e.g. WhatsApp, Telegram, Meta Messenger, etc.), an email, an SMS or a phone call. Remember, ANEXT Bank will never request your login credentials, which include your Business ID, Password and one-time password (OTP), through the abovementioned methods.

2. Business Email Compromise (BEC)
Another common scam on the rise is BEC, a type of social engineering attack where scammers send emails to company employees to trick them into performing an action that involves divulging confidential information and/or making a payment with company funds. These scammers tend to impersonate a trusted vendor, client, another employee or high-ranking management personnel to gain access to the company’s legitimate email account and use it to send emails, or take over email threads to include malware-laced messages. A good rule of thumb to remember if all else fails is to never act immediately. Always verify the authenticity of the email and think twice before clicking unsolicited links or downloading attachments.

3. Baiting or Quid Pro Quo
This social engineering technique exploits victims emotionally by enticing them with incentives in exchange for sensitive information. The incentives could range from kickbacks to goods and services the victim tends to covet. Bear in mind, if the offer reads too good to be true, it most likely is. Scammers will execute these attacks in the form of pop-ups, or links in emails that infect your device with malware upon clicking.

How can you and your employees stay alert and not fall prey to Social Engineering?

These are some easy ways that everyone in the company can practise.

  • Check the authenticity of the source of any request, especially when the sender claims to be a trusted client, vendor or banking official and uses any of the above persuasion techniques.
  • Recall if you are expecting to receive an attachment or have initiated a request to receive a link. If you have not done so, pause, think and check before responding.
  • Ensure work devices have updated system software, up-to-date anti-malware and anti-virus software.
  • If you have resources or a contact that can help you simulate any of the social engineering attack examples, doing so could help you determine how well prepared your employees are.

When it comes to ANEXT Bank’s services, ensure that any mobile application update requests originate only from the official application stores (App Store, Google Play Store and Huawei App Gallery) and that the Online Banking platform is accessed on a secure network through the official domain (www.ANEXT.com.sg). Now that you’ve gotten a quick 101 on what social engineering is, the types of attacks and how to prevent them, it’s time to pass this knowledge on to your employees.
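The official-domain check described above can be made mechanical. The following is an added example, not ANEXT Bank's code: it accepts a link only if it uses HTTPS and its host is exactly the domain named in this article. The function name, the single-host allowlist and the sample links are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Official host taken from the article; treating it as the only allowed
# host is an assumption of this example.
OFFICIAL_HOSTS = {"www.anext.com.sg"}


def check_banking_url(url: str) -> tuple[bool, str]:
    """Return (ok, reason) for a link an employee is about to open."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")  # already lower-cased
        port = parts.port
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not HTTPS"
    # Text before '@' is a username, not the site: the real host follows it.
    if parts.username is not None or parts.password is not None:
        return False, "credentials before '@' hide the real host"
    if port not in (None, 443):
        return False, "unexpected port"
    # Look-alike letters from other alphabets, raw or punycode-encoded.
    if not host.isascii() or host.startswith("xn--") or ".xn--" in host:
        return False, "non-ASCII or punycode host (possible look-alike)"
    # Exact match only: the official name used as a prefix of a longer
    # host belongs to whoever owns the rightmost labels.
    if host not in OFFICIAL_HOSTS:
        return False, f"host '{host}' is not the official domain"
    return True, "official domain"


# Constructed sample links for staff training (not real observed URLs).
SAMPLES = [
    "https://www.ANEXT.com.sg/login",
    "http://www.anext.com.sg/login",
    "https://www.anext.com.sg.secure-login.example/",
    "https://www.anext.com.sg@203.0.113.5/",
    "https://www.an\u0435xt.com.sg/",  # Cyrillic 'е' in place of Latin 'e'
]

if __name__ == "__main__":
    for link in SAMPLES:
        ok, reason = check_banking_url(link)
        print(f"{'OK    ' if ok else 'REJECT'} {link!r}: {reason}")
```

Only the first sample passes; each of the others fails for a different reason, which makes the list usable as a short quiz for employees.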
