Cyber fraud linked to social engineering phishing attacks has increased by 21% in a year according to the City of London Police’s National Fraud Intelligence Bureau (NFIB).
Social engineering phishing is a non technical method of intrusion used by cyber criminals that relies heavily on human interaction and often involves tricking people into breaking normal security procedures.
Typically, the aim is to trick people into malware laden email attachments or to divulge sensitive information that can be used to steal information and credentials to commit fraud.
The harvesting of account and login information is known as phishing and can happen through fake emails, phone calls, texts or social media posts.
Phishing attacks frequently involve piecing together information from various sources- such as social media and intercepted correspondence, to appear convincing and trustworthy.
The most common themes for contacting potential victims are an update to BT account details, an iTunes invoice and a tax refund.
Others themes include Tesco vouchers, Apple ID, accident injury claim, invoices, suspended bank and credit card accounts, and Sky services upgrades.
According to the government backed GetSafeOnline campaign, cyber criminals have become increasingly sophisticated in their attacks, with more than 95,500 phishing scams reported in the 12 months up to October 2015.
Research by GetSafeOnline reveals that 26% of victims of online crime have been scammed by these types of social engineering emails or phone calls.
According to the research, 29% of reported phishing emails contained a potentially malicious link that could infect a victim’s computer with malware, 17% requested a reply and 15% requested personal information.
The research notes that although the number of emails with malicious links is decreasing, requests for money transfers are on the rise.
In response to these findings, GetSafeOnline has launched an advertising campaign to warn of the dangers of social engineering, in partnership with Barclays, NatWest, Royal Bank of Scotland, Lloyds, Halifax, Bank of Scotland, City of London Police, anti-fraud organisation Cifas and Financial Fraud Action UK (FFAUK).
Phishing attacks are the most popular causes of data breaches in the enterprise. Phishing attacks on mobile devices are increasing as adoption of internet connected mobile devices and services grows.
Tony Neate, chief executive of GetSafeOnline, said social engineering is becoming ever more targeted and personal.
“What is worrying, however, is the complex nature of these scams and how they tap perfectly into feelings that make us panic,” he said. “If you get an email purporting to come from someone we trust, such as our bank, about something that is emotive to us all, like money, and then demand that we act urgently, it’s almost like the perfect storm.”
The newly launched advertising campaign aims to encourage people to think twice before they act and not to let panic override common sense.
The campaign highlights the importance of having strong passwords or pass codes to secure devices, and ensuring that all software and apps are up to date.
Research shows that email is the most popular channel for phishing, accounting for 77% of all reported incidents, followed by phone calls, making up 12% of incidents.