Social engineering as a scam can take many different forms. One of these is a non-technical form where a scammer already knows enough about you to make you feel comfortable and confident in revealing more personal information. The personal information they really need to defraud you.
This is known as ‘pretexting’ or ‘vishing’ voice-phishing, where the scammer is phishing for information using voice communication like a phone call. The caller uses information about you they already know, which could be pieced together from your social media accounts or if you have lost or had your wallet stolen, they will present themselves as someone trustworthy like a representative from your bank.
A good example of this could be if you have lost your wallet. A scammer might find a shop receipt in your lost wallet and call you posing as a shop attendant. To get more information out of you they might say you have won a voucher and simply need you to provide a PIN number to activate the card. Unfortunately, most people will provide a PIN number they already use. The caller now has your wallet, bank cards, ID cards and a PIN number they can use to try and defraud you.
What to do if you receive a suspicious call
Think about the information you are being asked for:
- is what the person is saying believable?
- why do they need this information?
- are they making a reasonable request for this purpose?
- is this person who they say they are?
It is ok to say no and to ask them to verify who they are. If you are not sure of the credibility of the person you are speaking to hang-up and call the organisation yourself. Don’t call any phone numbers the caller gives you either over the phone or in email, look up a phone number for the organisation on their website.