Examples of Social Engineering and how you can spot them
Here are some examples of how Social Engineering can be used, to help you identify potential cases in the future:
• You may receive an email from someone pretending to be a client or supplier requesting that a payment be made to a different bank account.
• You could receive a link from a fraudster that takes you to a login page that will then gather your username and password.
• You could receive an email from an apparent senior member of staff asking for a payment to be made or for something to be purchased.
• You might receive a call that is apparently from your bank, asking for account verification information. Real banks will never request your personal information over the phone without being contacted by you first.
• For a physical example, you could be tailgated into a secure building or area and confronted in person.
Protecting Against Social Engineering
Securing payment processes
It is vitally important to have a policy and process in place to make sure that payments are made to genuine recipients.
These guidelines will help eliminate any risks:
• You must only make payments using the bank account details on file.
• Never update the bank account details for a recipient without checking with them verbally. Call them back on a number you have on record for them (not the number in an email requesting a change).
• You must ensure that payment approval processes are in place. The person raising the payment should not authorise the payment.
• Always double-check everything. If anything seems at all suspicious, don’t do it.
Adapt your own behaviour with these general precautions
• It’s better to be overly suspicious than careless. Unfortunately, if it sounds too good to be true, it probably is.
• Employ your sleuth skills – check the writing style, language, grammar, and punctuation. If an email seems out of character for the sender, speak to them in person.
• Don’t click on a link if you don’t know the sender. Check that the web address is going where it claims to be going and doesn’t look suspicious, for example a long line of symbols and numbers.
• Always check the email address thoroughly. Sometimes they can be hidden. If the email address doesn’t match the name or the domain sounds strange, it’s likely to be a phishing scam.
How will Knight Frank help to protect you?
Knight Frank can help to protect you by following these simple guidelines:
• We don’t share confidential details with other people and will protect any personal and financial data you share with us.
• We protect documents that could be useful to fraudsters. For example, copies of bank statements and passports are often used as proof of identity, so we don’t let anyone who doesn’t need them have access to them.
• If we don’t need it, we don’t record it. For example, we won’t record credit card numbers or personal health details.
• We will agree ways of checking identity with you. We will confirm our identity prior to discussing sensitive information.