Digital + social + engineering

While sharing personal data, if you think that "Sharing that information will not harm me", think twice. The acceleration of digitalization during the pandemic has led to an increase in the number of social engineering attacks.

Instead of an innovative, disruptive, or revolutionary topic, I would like to discuss a topic thousands of years old: Social engineering. Social engineering, which we occasionally encounter or spot on various platforms, is now around every corner under many names and masks.

In the simplest terms, the definition of social engineering is as follows: A method of deriving an unlawful benefit by placing psychological stress on victims with limited data. Although this type of fraud is not new and was not created specifically for modern conditions, it has been digitalized, keeping pace with today's developments.

The most vital material attackers need for social engineering fraud is our personal data. While we are sharing our personal data on social media platforms, we can also encounter phishing, that is, another fraud method. We address the phishing method by dividing it into two categories:

  • Targeted attacks: With this method, the scammer's goal is to obtain information such as your card number, password, the CVC number on the reverse of the card, and online banking login details in order to profit directly.

  • Social engineering attacks: With this method, scammers usually obtain the personal data that victims think is not harmful to share. Because this method is based on collecting data for later use in targeted attacks, it is the preferred choice of scammers.

Considering the phishing attacks of recent years, we see that scammers aim to obtain our data via fake websites. The chart below compiles the various types of websites utilized to that end.

As I mentioned earlier, social engineering fraud requires our personal data. With the pandemic, we have started to spend a great deal of our lives in the digital environment. In-person meetings have given way to online connections. We now do most of our shopping online rather than walking through physical stores. Consequently, we have started to leave little crumbs of information behind, introducing ourselves on each digital page we click. All that remains for scammers is to collect this data and combine it with feelings of fear or excitement (the feeling of winning a prize).

Although social engineering was also a popular topic before, the digitalization accelerated by the pandemic has led to an increase in the number of social engineering attacks. Sadly, Turkey is at the top of the list of phishing and social engineering attacks compared to other countries.

So what should we do? Raising society's level of IT knowledge and awareness is the most potent antidote to social engineering attacks. Public authorities, banks, and financial institutions are already conducting awareness-raising activities. Like any other awareness activity, these efforts will take a certain amount of time to be reflected in society. Unfortunately, there will also be inevitable economic losses during this process. We can list some of the measures to be taken as follows:

  • Efforts to strengthen digital security through innovative solutions such as two-factor and biometric authentication, together with social awareness-raising activities, should continue diligently.

  • Instead of being swept along by the speed of the digital world, consumers should take action, think more deeply, and stay skeptical in order to protect themselves against social engineering.

  • They should be aware that some information should not be shared in an SMS, e-mail, or phone call. Consumers should also not share any personal data under the influence of the enthusiasm, curiosity, or fear imposed upon them, or without questioning the source of the situation at hand.

Soner Canko

FinTech Istanbul Advisory Committee Member, Digital CEO
