Protecting against social engineering  attacks

Learn more about social engineering tactics and how Secure Bank helps detect them.

What is social engineering?

Criminals use social engineering attacks to trick, deceive, and manipulate their victims into giving away confidential information and funds. Social engineering is a common tactic adopted by hackers as taking advantage of users’ personal weaknesses is easier than finding network or software vulnerabilities.

Social engineers study the victims and their behaviour, then design an attack based on the intelligence collected.

Usually, social engineering involves email or other means of communication that cause feelings of urgency, fear, or similar emotions in the victim, pushing them to promptly reveal sensitive information, click on a malicious link, or open a malicious file. The most popular social engineering attacks used in online banking fraud include pretexting, phishing, and hacking email & social media accounts.

Pretexting
  • Scammers create a scenario to engage the victim by impersonating an official representative, for example a bank manager, to convince the target to share personal information such as account numbers or passwords.
Phishing
  • Hackers send a bulk mailout or SMS (smishing) that looks like it was sent from a legitimate source such as a popular online store, an email company, or a computer tech support company.
  • Once the victim has been lured to click on it, their device can be infected with malware. The user is then redirected to phishing sites so that the scammers can access the person’s online bank accounts.
Hacking email & social media accounts
  • Cybercriminals hack into an individual’s email or social media account and send messages to the victim’s friends, relatives, or colleagues claiming to be in trouble and needing money, for example.

How Secure Bank helps detect social engineering attacks

By leveraging behavioural analytics, advanced device fingerprinting, Threat Intelligence, and global user profiling technologies, the system continuously analyses user profiles based on:

What happens during the session

Typical behaviour of legitimate users vs. fraudsters, as well as individual fraud patterns.

How the user behaves

Biometric information with several criteria including browsing, mouse movement, keystrokes, typing speed, delays, etc.

What device is used

A set of technical parameters including user-agent, platform, OS, time zone, plugins etc., as well as any suspicious changes.

30%
increase in the detection of social engineering attacks
79%
decrease in the number of false verdicts given by the anti-fraud system

1. Obtaining card details

Scammer
Scammer obtains victim’s credit card details
Victim

2. Completing the registration

Scammer
initiates online banking registration
Bank
an SMS is sent to the victim to confirm the registration
Victim
At the same time, the scammer contacts the victim and attempts to convince them to share the SMS by impersonating a bank manager, for example.

3. Completing the registration

Scammer
SMSOnce the scammer receives the SMS, they complete the registration process and take over the account by linking it to their mobile number.
Bank

Secure Bank identifies:

  • New devices that have not been used by the client in the past;
  • The device’s location;
  • A typical fraudulent pattern of the actions performed during the session;
  • Disparities between user behaviour during the session and the user’s usual actions.
Interested in a free trial? Contact us to learn moreRequest a demo

Evaluate your clients’ vulnerabilities and your potential risks – for free. Leave us your contact information to try the solution.

Thank you for the inquiry! We will contact you soon.

Report an incident

24/7 Incident Response Assistance +7 495 984-33-64

Thank you for the inquiry! We will contact you soon.
Cookies

We use cookies on the website to make your browser experience more personal, convenient and secure. You may block or manage the use of cookies, however, in some cases they’re essential to make this site work properly. Learn more about cookies in Group-IB Privacy And Cookies Policy.