Have you ever received a text message, a pop-up notification in a site you visited or an email that triggered curiosity, a sense of urgency or fear? If you are familiar with the above, then you may have been a potential target of a scam and malicious exercise called social engineering.
Social engineering is a manipulation technique used by cybercriminals to compel people to give their confidential information. It tends to deliberately deceive people as it relies on human error. The type of information that cyber criminals seek through social engineering may vary but when individuals are targeted, they are tricked into revealing their passwords, bank account passwords or payment card details, or login details for social media accounts or accessing your computer virtually to secretly install malicious software in your machines that will give access to your passwords as well as giving them control over your device.
Phishing tends to be the most prevalent and strongest attack method of social engineering experienced today. It occurs in different forms and features like text message alerts, anonymous calls requesting you to key in certain details in your devices, stray website links and emails with unacknowledged attachments. An analysis by Kaspersky has revealed that 5,098,534 phishing attached were recorded in Kenya in the second quarter of 2022 alone.
However, these attempts are noticeable and can be mitigated. Here are ways of identifying phishing attempts and how to evade them:
Mysterious messages and emails
One of the modes of identifying phishing attempts is when you receive messages and emails that are attention-grabbing, from anonymous sources offering giveaways which seem too good to be true. Such messages usually include winning a lottery, electrical devices such as a computer or mobile phone.
Once you agree to follow the instructions, the cyber criminals derive data from your mobile phone or computer and use it for various malicious operations, such as stealing your money, or compromising your network. It is advisable to always visit the official website of the business if you see a giveaway offered on e-mail or on social media to confirm the giveaway exists.
Emerging hyperlinks and attachments in websites
In other instances, phishing attackers use attachments and hyperlinks in websites that you often visit and will try to prey on you. The hyperlinks are often persistent and keep popping in the websites. It is therefore advisable to avoid clicking on links that come from unknown sources either through e-mails, messaging apps or social networks.
Messages or calls that create a sense of urgency or fear
Cybercriminals, when trying to phish delicate data from you usually apply the tactic of creating a sense of urgency or fear. In their quests to dupe you, they will request you to act fast by saying that you have limited time or threats to scare you into doing what they want. For example, cybercriminals can call you and claim to be from a financial institution and tell you to send personal information. These messages are accompanied by threats of account suspension and/or fines. It is therefore advisable that you personally visit the offices of your financial institution or get in touch with them using their official contact numbers.
Messages with grammatical errors and typos.
Cybercriminals are often less concerned about being grammatically correct. This means that typos and spelling errors are often evident in phishing messages. Such errors in an email or a message could be a good indication that the message is not genuine.
Despite hackers regularly establishing new ways to commit cyber-crimes, there are measures that we as a bank have taken to safeguard your data from phishing attempts. Such measures include cyber awareness trainings on how to handle cyber threats. We also make sure that personnel handling our digital systems is of high integrity so as to avert any insider threats. We have also applied a robust technology that has enhanced the monitoring of our channels such that cyber attackers cannot get to breach our systems. It is our role to ensure that not only are you safe from cyber-attacks but also our staff and organization is safe from such breach.
However, in order to counter phishing attempts we all have a key role to play by being vigilant. If you ever suspect that the security of your account, device or data has been compromised, get in touch with us for assistance and advice as your trusted financial partner.