Protecting against social engineering attacks
Learn more about social engineering tactics and how Fraud Hunting Platform helps detect them.
What is social engineering?
Criminals use social engineering attacks to trick, deceive, and manipulate their victims into giving away confidential information and funds. Social engineering is a common tactic among hackers because taking advantage of users’ personal weaknesses is easier than finding network or software vulnerabilities.
Social engineers study the victims and their behaviour, then design an attack based on the intelligence collected.
Usually, social engineering involves email or other means of communication that cause feelings of urgency, fear, or similar emotions in the victim, pushing them to promptly reveal sensitive information, click on a malicious link, or open a malicious file. The most popular social engineering attacks used in online banking fraud include pretexting, phishing, and hacking email & social media accounts.
- Pretexting: Scammers create a scenario to engage the victim by impersonating an official representative, for example a bank manager, to convince the target to share personal information such as account numbers or passwords.
- Phishing: Hackers send a bulk mailout or SMS (smishing) that looks like it was sent from a legitimate source such as a popular online store, an email company, or a computer tech support company. Once the victim has been lured into clicking on it, their device can be infected with malware. The user is then redirected to phishing sites so that the scammers can access the person’s online bank accounts.
- Hacking email and social media accounts: Cybercriminals hack into an individual’s email or social media account and send messages to the victim’s friends, relatives, or colleagues claiming, for example, to be in trouble and to need money.
How Fraud Hunting Platform helps detect social engineering attacks
By leveraging behavioural analytics, advanced device fingerprinting, Threat Intelligence, and global user profiling technologies, the system continuously analyses user profiles based on:
- What happens during the session: Typical behaviour of legitimate users vs. fraudsters, as well as individual fraud patterns.
- How the user behaves: Biometric information with several criteria including browsing, mouse movement, keystrokes, typing speed, delays, etc.
- What device is used: A set of technical parameters including user-agent, platform, OS, time zone, plugins, etc., as well as any suspicious changes.
1. Obtaining card details
2. Completing the registration
Fraud Hunting Platform identifies:
- New devices that have not been used by the client in the past;
- The device’s location;
- A typical fraudulent pattern of the actions performed during the session;
- Disparities between user behaviour during the session and the user’s usual actions.