Social Engineering - How Fraudsters Use Psychology to Con You

Social media has brought customer support one step closer to you. Whenever you need a solution to a problem, you can easily login and interact directly with a customer care representative.

Sometimes during these interactions, you might end up posting personal details on social media forums instead of using secure means of sharing them. These details can easily get misused by fraudsters.

Important reminder- OneCard never asks for confidential or personal details. Ignore all e-mails claiming to be from OneCard if they are not from the Onecard domain. If you suspect fraud, please contact us immediately over chat support / reportfraud@getonecard.app / Cust care no 1800-210-9111.

Do not share personal details on social media

What is social engineering?

Social engineering is, basically, a con. It's a trick that relies on psychological manipulation in order to get a victim to reveal confidential information—likelike a bank account password or a credit card number, expiration date and CVV code

Social engineering is when fraudsters use your personal details to trick you into trusting them. Often fraudsters build trust by pretending to help you with an issue. In reality, they’re just using your personal details to con you out of your money.

How does social engineering work?

Often, a scammer pretends to be someone they’re not. They might pose as an employee at your bank who’s calling to inform you that there’s been some unusual activity on your credit card. Or perhaps the scammer will pose as an IRS collections officer and ask you to pay money owed immediately or have your assets frozen.

An invented scenario, or pretext, is typically a key feature for the scammer in any social engineering effort. By posing as a figure of authority or trust and relating a story that seems plausible, they can overcome your natural scepticism and, again, exploit human behaviour to get something of value.

What are common types of social engineering?

Social engineering is used in a variety of scams. Vishing (“voice phishing”) uses social engineering over the phone to run scams, like the ones mentioned above. But it can also be used by criminals for even more elaborate scams—like getting employee log-in credentials or getting insider information about how a business works.

Phishing is an email scam. Spear phishing relies on highly-targeted emails that are specifically aimed at potential victims. And smishing uses text messages to, perhaps, lure its victims to fraudulent websites or trick them into sending credit card details over text.

During the holidays when there is a lot of eCommerce shopping happening, a scammer might replicate a shipping email, but the link to track your shipment will activate the malware. Since chances are you have made an e-commerce purchase recently, you may be more likely to click on that link.

Baiting is another way that scammers use social engineering. Have you ever come across a USB flash drive or another piece of physical media in a parking lot or at a coffee shop that someone dropped? Now, should we stick something like a mysterious flash drive in our computer? Probably not.

But what if it was labelled “Salaries” or “Personal and Confidential”? Thanks to social engineering, a scammer knows some people just won’t be able to help themselves and they’ll actually plug that flash drive into their computer. And little does the victim know, the flash drive probably contains malware which will infect the host computer and any networks it connects to.

Anyone can be a victim of social engineering, too. Even executives. In fact, there’s even a term for social engineering that’s aimed at CEOs, CFOs and other high-profile employees: “Whaling.”

Protecting yourself from social engineering scams

Many scams—online and offline—use social engineering to get past our defences. Sometimes the offer of something that seems too good to be true or plays upon our human desire to help someone else in need can be difficult to resist.

The safest way to protect yourself from social engineering—in whatever form— is to never, under any circumstances, divulge personal information over the phone, email or text. And remember these three S’s: slow down, be sensible, be sceptical.

Onecard will never contact you over the phone or by email asking for your personal information. The bottom line: protect your information as if it were worth more than gold.