What is social engineering and how can you defend yourself?

Get to know what social engineering is, the most common attacks and how to avoid becoming a victim of this kind of fraud.

The daily use of the Internet has brought many benefits, but it has also opened up new opportunities for scams. Most of these scams are carried out through social engineering, a set of psychological techniques that attempt to manipulate consumer behavior through social influence, i.e. by influencing people's decision making.

Thus, the fraudster tries to reach the victim by appealing directly to the victim's feelings: joy, fear, sadness, anger, rage… This is how people are pressured to do what the fraudster intends, usually because of their empathy and desire to help.

There are several types of attacks related to social engineering. One of the most popular is phishing. In this type of deception, the cybercriminal contacts the victim through an email impersonating someone known, either a person or an institution, to obtain personal data such as passwords or credit card numbers, or even to get the victim to download files that turn out to be malicious.

Related to phishing is smishing. As in the previous case, this type of attack impersonates a recognized organization through an SMS that urges the victim to click on a malicious link in order to steal their information, usually by pointing out the urgency of performing a certain action in the link that accompanies the message. 

Vishing, also known as “voice phishing”, uses the voice as the main tool for the scam and uses the urgency of the call itself to increase its effectiveness, making the scam easier to carry out. It also takes advantage of the authority status of a recognized organization to achieve its objectives, which are usually the request for personal and non-transferable information or the action of downloading some file or fake tool.

It should be noted at this point that BBVA never contacts its customers to ask for passwords or confidential information. If someone contacts us pretending to be a bank employee, we should interrupt the communication as soon as possible and alert the company.

Another type of social engineering scam is QRishing. Although they were invented almost two decades ago, QR codes have gained popularity in the wake of the pandemic. They are not only common in restaurants and entertainment venues, but are also used in a multitude of areas, such as museums and tourist sites. Their use has increased so much that cybercriminals are taking advantage of QR codes to achieve their goals. Scanning the code could install malware on the cell phone or take the victim to a fraudulent URL.

How you can protect yourself from social engineering

  • Be wary of any unexpected message that demands immediate action or appeals directly to your feelings.

  • Be suspicious of impersonal communications and check that the body of the communication does not contain spelling mistakes or strange characters.

  • If you have doubts about any communication, it is advisable to check the information through other official channels (by telephone, through the web or by going to an office).

  • Don’t trust requests for confidential data such as your password or credit card number, and try not to enter your personal data on web pages that you have accessed through unsecured links.

  • Avoid downloading unexpected attachments whose sender you do not know, as they could contain a malicious file inside.

  • Update the operating system, applications and antivirus of your devices.

  • Check the URL of the link provided and compare it with the official one. We also recommend checking that it starts with HTTPS. If the communication includes shortened links, check them before opening them by hovering over them or, on mobile devices, by viewing the full link with specific tools.
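
The URL check in the last tip can be automated. The following is an added example, not part of the original article: it compares a link's host with the official domain, checks for HTTPS and flags shortened links. The domain bank.example, the shortener list and the sample links are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: placeholder for the organization's real domain (not from the page).
OFFICIAL_DOMAIN = "bank.example"
# Small illustrative set of well-known shortener hosts; not exhaustive.
SHORTENERS = {"bit.ly", "t.co", "tinyurl.com"}


def check_link(url, official=OFFICIAL_DOMAIN):
    """Return a list of warnings for a link received in a message."""
    warnings = []
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme.lower() != "https":
        warnings.append("not-https")
    if not host:
        return warnings + ["no-host"]
    # In "https://bank.example@evil.test/" the text before "@" is only a
    # username; the browser connects to the host after it.
    if parts.username is not None:
        warnings.append("userinfo-in-url")
    # Non-ASCII or punycode labels can render as look-alike characters.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        warnings.append("idn-host")
    if host in SHORTENERS:
        warnings.append("shortened-link")  # real destination is hidden
    # Accept only the exact domain or a true subdomain of it.
    elif host != official and not host.endswith("." + official):
        warnings.append("host-mismatch")
    return warnings


# Constructed sample links, for illustration only.
SAMPLES = [
    "https://www.bank.example/login",
    "http://bank.example/",
    "https://bank.example.account-verify.test/login",
    "https://bank.example@evil.test/",
    "https://bit.ly/abc123",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", check_link(link) or "no warnings")
```

An empty result only means that none of these checks fired; HTTPS and a matching host do not by themselves prove that a message is genuine.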