Most of cyber crimes have evolved from the profoundly stupid to the seductively convincing in recent years.
Largely illiterate and scarcely credible emails purported to be from the widows of sub-Saharan dictators with suitcases of blood diamonds to dispose of have been replaced by subtle correspondence known as “social engineering”.
The scams are worthy of the dystopian name. Social engineering is extremely targeted, and sees fraudsters manipulating frequently vulnerable people over a long period. Slowly, through a combination of fake emails, phone calls, texts messages or online posts, the victims are tricked into sharing confidential information.
Because the attack is complex and personalised, it can be very difficult to spot a scam before it is too late.
Interpol has described social engineering fraud as one of the major trends to emerge in recent years. It is not difficult to see why. Reported worldwide losses as a result of social engineering doubled last year to almost €1 billion. Yet t with many victims too embarrassed to report such crimes, the likelihood is the losses are much higher.
A major advertising campaign by Get Safe Online has just been launched in Britain and the North warning of the dangers of such scams. The organisation's chief executive, Tony Neate, has warned that social engineering is becoming "more targeted and personal".
But that’s not all. “What’s worrying, however, is the complex nature of these scams and how they tap perfectly into feelings that make us panic – if we get an email purporting to come from someone we trust [such as our bank] about something that is emotive to us all [money] and then demand that we act urgently, it’s almost like the perfect storm.”
It is not just individuals who are vulnerable. Some 70 per cent of cyber attacks directed at businesses now use social engineering methods. Rather than targeting computer systems – which can have robust security measures – criminals target people who are often more lax than the machines they use. Fraudsters send legitimate-looking emails to employees supposedly from their managers. They may contain links to shadowy websites or requests to transfer money. Fearful of incurring the wrath of their bosses, employees act fast. And when people under duress act fast, they make mistakes– mistakes criminals are waiting to capitalise on.
