Many companies invest a great deal in security systems but very little in training their staff. They feel that having protocols in place means that protocols will always be followed and that this offers robust protection against fraud. This is not true. Humans are extremely vulnerable to social engineering attacks and employees trained to follow protocol are no exception to this. If you don’t believe, please read and watch this.

So what is social engineering in terms of fraud?  It can be defined as a deception to manipulate and coerce individuals into divulging confidential or personal information, which is then used for fraudulent purposes. Not everyone is equally susceptible to social engineering attack. My own research found that some people are more compliant, impulsive or less vigilant and those traits will make them more likely to succumb to fraudulent attacks. Understanding and addressing these vulnerabilities is the key to fraud prevention. Equally, detecting and understanding scam techniques used in social engineering attacks is also extremely important. See this example – induced urgency (baby crying) will encourage customer service agent to rush decisions and likely compromise the company protocol. This is not an employee problem. Everyone is vulnerable to social engineering attacks under certain circumstances. Continuous education and awareness are the keys to tackling this problem.

Just as it is important to understand how your employees can be vulnerable to social engineering attacks, it is also important to understand that any decision or protocol implemented by an organisation may create a loophole or an opportunity for fraudsters to infiltrate the system. Take customer service, for example.

It has become customary to ask a customers for feedback each time they receive a service or contact customer service for help. This feedback often leads to incentives for employees providing customer service and frequently may also be used to penalise employees that have unsatisfied customers. Reality is that you cannot please all of the people all of the time and customers can sometimes  demand impossible things. But having these ‘feedback systems’ in place can influence how your employees behave when they provide customer service and this can compromise safety of customers and affect your company’s reputation. For example, if a customer is unreasonable and wishes to source some personal information details they forgot or misplaced, would you expect your employees to breach company protocol to make that customer happy? Probably not, right? But if you also have systems in place where your employees are always monitored and encouraged to have impeccable customer satisfaction record, you create anxiety and encourage company protocol to be broken to achieve this. And this makes you an ideal target for any fraudster that wishes to source personal information that will likely be used for fraudulent activities somewhere else.

It is likely that this types of attacks will be happening more and more. They are extremely lucrative to criminals and can often lead to customers’ bank accounts being compromised and funds stolen, therefore a lot of effort goes into designing these attacks. This can leave your organisation open to lawsuits in the future. Don’t assume basic training and protocol is enough to protect your organisation from social engineering. Always seek better preventative measures, keep on top of new fraud techniques and never underestimate what fraudsters are capable of doing.