Ms Kanwaljeet Kaur is a global icon in the field of forensic accounting and fraud investigation. With her degree in chartered accountancy and extensive knowledge and skill set in corporate fraud investigation, she is a brand in herself. She is the founder of Kapp Edge Solutions, a start-up in the Edutech domain which provides fraud prevention and anti-money laundering training to corporates, MNCs, banks, government departments such as CBI, SFIO, Customs and NARCO, and working executives all over the world. Her second successful venture, Krish Consulting, is in fraud prevention consulting. This boutique firm specializes in anti-money laundering, anti-corruption, corporate fraud investigation, forensic accounting and cyber security. Kanwaljeet is a prominent face and member of recognized bodies such as the PHD Chamber of Commerce, MSME Forum India, the Delhi government’s Business Blasters scheme and many other entrepreneurship and women empowerment initiatives. She is a dynamic and goal-driven individual who achieved success at a very young age. She served corporates for almost a decade after clearing her CA exam on the first attempt. In 2012, she started her own venture, which is a global brand today.
What is social engineering?
Social engineering is the art of manipulating people. It can also be understood as a means of exploiting human errors and behaviours to conduct a cyberattack. The types of information these criminals seek can vary, but they usually try to trick you into giving them your passwords or bank information, or into giving them control over your computer, where the fraudster can access private and confidential information.
Size of social engineering attacks
According to Verizon’s 2021 Data Breach Investigations Report, 85% of breaches involved the human element, while social engineering was an integral part of 35% of those incidents. As per Kanwaljeet Kaur, a cyber and financial fraud investigator, the success rate of such attacks is close to 80%. Her wide experience in corporate investigation also revealed that approximately 45% of a company’s employees do open suspicious emails, just because they think “it might be important”.
How emotions are used to commit cyber-attacks:
Fear – You receive a voicemail that says you’re under investigation for tax fraud and that you must call immediately to prevent arrest and criminal investigation. Cybercriminals prey on the stress and anxiety of filing taxes and use this fear to trick people into complying with the voicemail.
Greed – Imagine if you could simply invest INR1000 in bitcoin under a specific scheme and see this grow into INR10,00,000 without any effort on your part. Cybercriminals use the basic human emotions of trust and greed to convince victims that they really can get something for nothing.
Curiosity – Cybercriminals pay attention to events capturing a lot of news coverage, and then take advantage of human curiosity to trick social engineering victims into acting. For example: “OMG, your images are live on the wrong pages of Instagram, someone put all your photos on there.” If that doesn’t get you to click, then maybe the closing line will: “You can even see who added you on it!” Can this really be true? The end users may become curious and click on the link.
Helpfulness – Humans want to trust and help one another. Fraudsters target two or three employees of a company and send them an email that looks like a genuine email from their manager. The email asks them to send the manager the password for the accounting database and stresses that it is required to make sure everyone gets paid on time. The tone is urgent, tricking the victims into believing that they are helping their manager by acting quickly.
Urgency – You receive an email from customer support at an online shopping website such as Amazon/Flipkart, telling you that they need to confirm your credit card information to protect your account. The email has not actually come from a genuine provider, but it looks like one. The email urges you to respond quickly to ensure that criminals don’t steal your credit card information. Without thinking twice, and because you trust the online store, you send your credit card information, your mailing address and your phone number. A few days later, you receive a call from your credit card company telling you that your credit card has been used for thousands of rupees in fraudulent purchases.
8 Types of Social Engineering Attacks
- Phishing: The most pervasive form of social engineering. Fraudsters use deceptive emails, websites, and text messages to steal sensitive personal or organizational information from unsuspecting victims.
- Spear Phishing: This type of email scam is used to carry out targeted attacks against employees of a particular company. Fraudsters do in-depth research on potential targets and their organizations before carrying out this attack.
- Baiting: This type of attack can be perpetrated online or in a physical environment. The attacker usually promises the victim a reward in return for sensitive information.
- Malware: This may include ransomware. Victims are sent an urgently worded message and tricked into installing malware on their device. A popular tactic is telling the victim that malware has already been installed on their computer and that, if they pay a fee, the sender will remove the software for them.
- Pretexting: In this, the perpetrator assumes a false identity to trick victims into giving up information.
- Tailgating: This attack targets individuals who can give the criminal physical access to a secure building or area.
- Vishing: In this scenario, cyber criminals will leave urgent voicemails to convince victims they need to act quickly to protect themselves from arrest by CBI, police or income tax authorities due to some irregularities in their financials.
- Water-Holing: This attack uses advanced social engineering techniques to infect both a website and its visitors with malware. The infection is usually spread through a site specific to the industry the victims operate in, like a popular website that’s visited regularly.
Ways to Protect Yourself:
- Delete any request for financial information or passwords. If you get asked to reply to a message with personal information, it’s a scam.
- Reject requests for help or offers of help. Legitimate companies and organizations do not contact you to provide help. If you did not specifically request assistance from the sender, consider any offer to ’help’ restore credit scores, answer your question, etc., a scam. Similarly, if you receive a request for help from a charity or organization that you do not have a relationship with, delete it.
- Set your spam filters to high. Every email program has spam filters. Gmail has them as well, and they can be found in the settings options. Gmail’s spam filter is complex software that needs almost no attention to work as intended. You can, however, change some Gmail spam settings to tweak it to your liking.
- Secure your computing devices. Install anti-virus software, firewalls, and email filters and keep these up-to-date. Set your operating system to automatically update, and if your smartphone doesn’t automatically update, manually update it whenever you receive a notice to do so.
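As an added example (not part of the original article), the Python function below shows how a mail team could turn the warning signs described above into a triage rule: it flags messages that ask for passwords or card details, use urgency, fear or greed cues, come from outside the organisation, or redirect replies elsewhere. The cue lists, `TRUSTED_DOMAINS`, the function names and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Illustrative cue lists (assumptions) keyed to the triggers described in the article.
CUES = {
    "credential_request": r"\b(password|credit card|card number|bank (details|information))\b",
    "urgency": r"\b(urgent(ly)?|immediately|right away|within \d+ hours?)\b",
    "fear": r"\b(arrest|investigation|suspended|legal action)\b",
    "greed": r"\b(guaranteed returns?|double your money|reward|prize)\b",
}
TRUSTED_DOMAINS = {"example.com"}  # hypothetical: the organisation's own mail domain

# Constructed sample messages (not real traffic).
SAMPLE_PHISH = "\n".join([
    "From: Your Manager <manager@examp1e-mail.test>",
    "Reply-To: payroll@collect.test",
    "Subject: Urgent: accounting database",
    "",
    "I need the password for the accounting database immediately",
    "so that everyone gets paid on time.",
])
SAMPLE_BENIGN = "\n".join([
    "From: HR <hr@example.com>",
    "Subject: Holiday calendar",
    "",
    "The holiday calendar for next year is attached.",
])

def domain_of(header_value):
    """Return the lowercase domain of an address header, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def triage(raw_email):
    """Return a sorted list of reasons the message deserves manual review."""
    msg = message_from_string(raw_email)
    body = "" if msg.is_multipart() else msg.get_payload()
    text = f"{msg.get('Subject', '')}\n{body}".lower()
    reasons = {name for name, pattern in CUES.items() if re.search(pattern, text)}
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    if from_dom not in TRUSTED_DOMAINS:
        reasons.add("external_sender")    # looks internal but is not
    if reply_dom and reply_dom != from_dom:
        reasons.add("reply_to_mismatch")  # replies go somewhere else
    return sorted(reasons)
```

A message that collects several reasons at once, such as a credential request combined with urgency and an external sender, is the pattern from the "Helpfulness" and "Urgency" scenarios and is worth holding for review rather than delivering straight to the inbox.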