Phone 1300 365 7 24 | Email
About UsCommunityAccessSavingsInvestingLoansInsuranceInternet Banking
Internet Banking Features
Online eStatements
Online Security
Vasco Tokens
Register Today
User Guides
I-Saver Account

Social Engineering

Social engineering is referred to as an approach to gain access to information, primarily through misrepresentation, and often relies on the trusting nature of most individuals. It involves the conscious manipulation of people to obtain information without the individual realising that a security breach is occurring. Whilst there are a number of social engineering methods, the two most common methods to lure financial institution members are phishing and job related scams.

Phishing

One common social engineering scam is Phishing. The term phishing comes from the fact that Internet scammers are using increasingly sophisticated lures as they "fish" for users' financial information and password data before reeling them in.

The most common form of phishing is where a fake email is distributed (or website constructed) masquerading as legitimate online services providers (or other legitimate sources such as the Reserve Bank, MasterCard, eBay, PayPal, charities or even the police) to induce consumers to disclose their personal and financial details, which is then used to steal from their accounts.

A phishing email usually requests a customer's details using the pretence of a systems upgrade, for account reactivation, a periodic update of customer details or because the account has been compromised and details are needed for security purposes. There are other rouses as well as using real graphics and links to genuine websites to give the impression of authenticity. However, these are all are deceptions elaborately designed to commit fraud.

Job Scams

Members should also be alerted to a number of fraudulent job scams advertised on the Internet which entice users to act as “money transfer agents” for a third party.

Consumers are duped into using their own accounts to transfer money for third parties as part of an ostensibly legitimate business transaction for a commission based on a percentage of the transfer. In fact, they become part of a money laundering operation for transferring stolen money. Again, these false job websites appear very professional and can be very convincing.

Additional Resources
Australian Competition & Consumer Commission - Scamwatch
Internet Industry Association Security Portal
Fraudwatch International (detailed information about Phishing, Identity Theft, Internet Fraud, Lottery Scams & Nigerian 419 Scams)
Anti-phishing Working Group

© 2008 Home | Disclaimer | Mutual Banking Code of Practice | FSG
  Conditions of Use | Constitution | Privacy | Fees & Charges