Social Engineering: do you know how to spot a fraudster?Last updated: 7 January 2020 Do you know who you're actually talking to on the other end of the phone? Does an email or text message look genuine? Be vigilant. Thieves now have various clever ways to steal information for fraudulent purposes. Read on to learn how to protect your organisation from fraudsters. These tactics are known as social engineering, and it's on the rise. What you need to know Fraudsters use various techniques to get information, including:
Phishing Emails may create a sense of fear, urgency or opportunity to encourage recipients to click on a link or open an attachment that then infects their machine with a virus or malware. This then allows criminals to steal information or money and/or disrupt a computer system. While many fraudsters act randomly, some target specific groups of employees or customers. This is called spear phishing. One example is CEO fraud, where criminals impersonate senior executives and instruct colleagues to transfer money to them. Another tactic is payment diversion fraud. Criminals will send an email claiming to be from a supplier. It says its bank details have changed so funds should be transferred to another account instead. Don't reply to these emails. Always take the extra step of verifying any requests through an alternative communication method. Smishing Text messages may claim that your bank suspects there has been fraudulent activity on your account, that you are in trouble with tax authorities, or have won some money. Smishing texts typically request urgent action, which often means clicking on a malicious link that in turn enables data theft. Spam filters stop many phishing emails from reaching inboxes, but no mainstream solution yet exists to prevent texts from reaching their intended target. Vishing Fraudsters will often create a sense of panic to get a quick response over the phone. They may pretend to be a colleague or a customer in a rush or requiring urgent assistance. Fraudsters may call you pretending to be from HSBC. They may try to direct you to perform actions which would enable unauthorised payments to be sent to the criminal. This could include providing security codes generated from your token. What you can do It is important that you raise awareness of the potential impact of social engineering within your organisation, and implement a policy for reporting suspected cases. Top tips to stay safe from social engineering:
Learn how to spot suspicious calls, texts and emails > Under no circumstances will HSBC ever ask you to ask you to divulge any of your security details over the phone, by text message or via email. If you are ever doubtful about your HSBCnet activities or the authenticity of incoming telephone calls, texts or emails purporting to be from HSBC, please call your local HSBCnet Support Centre or your HSBCnet representative for further verification.
|
The postal address for related inquiries is: This communication is provided by HSBC Bank plc on behalf of the member of the HSBC Group that has contracted with your organisation for the provision of HSBCnet services. You received this email notification because you are a registered user of HSBCnet. Should you have any concerns regarding the validity of this message, please contact your local HSBCnet customer support. We maintain strict security standards and procedures to prevent unauthorised access to information about you. HSBC will never contact you by email or otherwise ask you to validate personal information, such as your username, password or account numbers. If you receive such a request, please call your local HSBCnet customer support. Links within our emails will only take you to information pages. If you wish to unsubscribe from receiving service information from HSBCnet, please select here. © Copyright. HSBC Bank plc 2020. All rights reserved. Privacy & Data Protection Statement | Terms & Conditions Deutsche | En español | En français (Canadian) | En français (European) | 繁體中文 | 简体中文 |