Social engineering is a manipulation technique used by fraudsters to get you to share personal and confidential information, or to perform an action for their benefit.
Social engineering can happen over the phone, in person or digitally.
People often don’t realise it is happening as they can be naturally trusting and criminals use sophisticated techniques, invoking fear, panic or building a friendship.
Social engineering is also used in scams to make people take action where they wouldn’t normally do so. For example:
- sending a payment to an account without verifying that it’s genuine
- allowing someone access to devices
- giving away personal or security information without realising the other person is a fraudster.
The fraudsters impersonate a trusted source such as your bank, the police, or even a friend or family member.
A few examples of social engineering are:
In a remote access scam, a scammer attempts to persuade you into giving them remote control over your personal computer. They do this by asking you to download a legitimate app such as TeamViewer or AnyDesk, or by simply getting you to click on a link.
You should never allow remote access to your devices unless you have verified that the caller is genuine and trusted. Even if access is granted, never open any banking apps or windows. Remote access gives the other person full access to view and act on everything you can.
Phishing (emails), smishing (text), and vishing (voice calls):
These are the most common social engineering tactics. They can appear very real and are increasingly difficult to know if they are genuine. Never reply or act on anything without verifying that it’s from a legitimate source. Visit our ‘How do I report fraud and scams?’ section on this support page to learn more.
These scams trick online shoppers into thinking they’re dealing with a legitimate contact or company when it’s actually a scammer. Fraudsters can advertise on social media, genuine selling sites, create fake websites or hack sellers’ accounts.