October is Cyber Security Month, when everyone involved in protecting people and systems comes together to promote better security, better behaviours and better awareness.
It’s a global campaign – and it needs to be because cybercrime is a global problem.
In Europe, the focus is on ‘social engineering’. This is where hackers use the power of persuasion to gain entry to systems and steal money or information – or both. Hackers manipulate people and take advantage of our natural tendency to trust and to help. And so we have to be aware of this threat and learn how to combat it.
This is exactly what we do at Psybersafe – but we take things several steps further than most cyber training. Where many others just deliver knowledge, we change behaviour. If you want to be smarter than a hacker, and thwart their criminal approach, you need to behave in a way that means the hacker cannot get through you to the data they want to steal.
What does social engineering look like?
Let’s share a real-life story. A friend’s son, who is currently at university, got scammed. He’d just gone back to start his second year. A man called ‘Gary’ from ‘High Street Bank’ (we’ll keep the name out of it whilst investigations are ongoing) contacted him by text message. The message looked legitimate.
Gary spoke to the student, and advised him that his account had been hacked and he should move his money to a safe account (if you follow Psybersafe regularly, you’ll recognise the type of scam). So the friend’s son complied – Gary was from the bank, he sounded helpful, friendly but quietly urgent. Not content with moving the money in his account, Gary then told him that the criminals had accessed his overdraft and the student loan he was eligible for – so he needed to reverse it immediately. So he did, and unfortunately that meant he took out the overdraft and the loan and sent the money to Gary the hacker as well.
Can you imagine the sinking feeling this student got when he realised he’d given all his money to a criminal?
It sounds unbelievable, doesn’t it? But this happened to the son of my cyber security expert friend. Someone who thinks he knows what a cyber scam looks like. It’s also happened to a High Court judge we interviewed. And an accountant we wrote about.
Unbelievably, in this case, the bank in question allowed a student to send all his money, take out an overdraft AND take out a loan online within an hour, on a Friday evening! Without question.
I bet you know of someone who has had something similar happen to them, don’t you?
Trust us. Hackers who use social engineering are smart. They know what is likely to trick you. Even the most savvy of us can be taken by surprise if we think we’ve had a message, call or communication from someone we should trust. The only thing we can do is arm ourselves with a range of behaviour-led actions that we apply to everything we do. For example:
- Never assume that a caller is from your bank. Tell them you’ll call them back, disconnect the call and call the bank on their published number – it will be on their website, your app or your bank statement.
- Never call back on a number the caller gives you – this will be a number that goes straight to the hacker.
- Never give your PIN number, online banking password or app password to anyone. Your bank will never ask for it.
- Never transfer money out of your account on the say-so of a single caller. Call your bank’s fraud team.
- Don’t reply to texts or WhatsApp messages that say they are from your bank. Again, go to the website and use the contact details there.
- If you think you have been scammed, call your bank immediately (on that published number). And report the scam to Action Fraud so you get a crime number.
And DO be ‘healthily paranoid’ when it comes to anyone you don’t know asking you to share personal information of any kind!
And even if you do think your bank’s call is genuine, explain you are playing it safe. They will understand. If you do this and the caller tries to convince you not to – you know you are talking to a hacker.
You CAN be smarter than a hacker. It just takes a change in the way you behave. That’s why we created our dedicated behaviour cyber training – Psybersafe. Why not get in touch to find out more? We’re always happy to help you be safer and more secure.
If you want to know more, do feel free to reach out. And if you have not read Dr. Cialdini’s book Influence, I wholeheartedly recommend it (and we don’t get paid for this recommendation, by the way).
Mark Brown is a behavioural science expert with significant experience in inspiring organisational and culture change that lasts. If you’d like to chat about using Psybersafe in your business to help you stay cyber secure, contact Mark today.