Slander "engineering"!

The fraudsters did not leave a way or a path except to follow it, sometimes they claim that the victim won a prize for stealing it, and other times by impersonating well-known personalities and names on the pretext of providing assistance, then the ax falls in the head and the balances are lost. Phishing Provides Pretext Phishing Voice Phishing SMS Use the barter method Spamming contacts then email hacking. Social engineering fraudsters take advantage of human vulnerability by tricking someone into revealing information or enabling them to access data networks. It is surprising the number of people who do not hesitate to volunteer to give this information, especially if it appears that it is required by an official body or a government site, and the method of using deception to manipulate individuals to enable access to information or data or its disclosure succeeds without the victim knowing or revealing that he has fallen into the frauds’ nets. .

Fear… curiosity and distraction

Security researcher and expert in cybersecurity and combating cybercrime, Muhammad Al-Sorayi, believes that many people adopt the method of protection and pay attention to their security and safety on the Internet, by securing their smartphones, laptops and tablets and knowing how to preserve them away from hackers and malicious software, but there is another aspect of security through The Internet is of much greater importance and the most effective element in security protection is the human element, which may be manipulated and deceived; With the aim of obtaining data, information or funds that would remain private, secure and inaccessible without the use of social engineering means.

Al-Sorayi adds that the methods are multiple, as the fraudster uses his skills to target human weaknesses in an attempt to circumvent the controls and procedures that would prevent him from obtaining the information he needs, and thus facilitates defrauding him through online financial services or any information that helps them obtain money. .

The security researcher emphasized that fraud targets the psychological aspect of humans, as hackers use some basic stimuli of human behavior such as instilling fear, curiosity and distraction.

Check.. who is talking to you?

Al-Sorayei indicated one of the most prominent phishing methods, which is via a text message that may bear the status of a trusted bank or company that wants its customers to “confirm” their security information, and then direct them to a fake site where their login credentials and personal information are recorded, and thus the victim falls within seconds. and stole it.

It offers several solutions to avoid falling victim to social engineering, the most prominent of which is not to share any information or any personal data with any party and under any pretext or reason, and to verify the people you talk to, whether by phone, e-mail, instant communication services, etc., and not Opening email attachments from unknown people, through which malware is spread to obtain personal information.

He stressed the need to secure a mobile phone or computer and rely on spam filtering by relying on special tools, as well as strong anti-virus programs that include tools to combat phishing messages and pages.

He argued that two-factor authentication should be used for accounts so that simply having your password is not enough to access the account, and this may include voice recognition, the use of a security device, fingerprints, or SMS confirmation codes.

Saudi banks warn…

The Banking Awareness Committee of Saudi banks has warned customers of new methods of financial and banking fraud based on the means of social engineering, as weaknesses in the victim’s mind are exploited and psychologically manipulated, which leads to the disclosure of confidential and protected information and data.

The committee revealed that the most common social engineering tricks used in bank fraud is to create fake links, claiming to be official parties or personalities, to deceive the victim as trusted parties, asking to share his bank information and bank cards. The committee warned against falling victim to those accounts that resort to fabricating several stories to deceive the customer. The commission warns customers not to provide scammers with a verification code. She explained that social engineering tricks and methods used in financial fraud are based on a set of techniques to make people perform a job in a way that helps in disclosing banking information and sharing authentication codes that enable the fraudster to enter the victim’s account and transfer money or exploit bank card information and withdraw funds as soon as information and codes are shared. Documentation, stressing that bank employees do not ask for confidential information of customers in any case.

In a statement, the committee called on bank customers and community groups to be aware of the latest methods of fraud, not to share bank card information and password with any party under any pretext, not to respond to investment advertisements and trading fake shares, and not to visit random links sent such as links to update information, and to ensure that Change the secret numbers of bank cards periodically, especially when returning from travel from abroad.

The committee also called not to be deceived by the presence of bank logos through fake websites and pages, and to ensure the reliability and credibility of electronic shopping sites, and that they are informationally secure, as well as ignoring text and electronic messages claiming to win in-kind and cash prizes and deleting them immediately, indicating that the customer must always resort to the sites and applications of banks. Official channels only, and that bank data and personal information should be updated through the official channels of the bank only.

Imprisonment and a fine for fraudsters

Legal Counsel Saif Ahmed Al-Hakami confirmed that the penalty for fraud and fraud in Saudi Arabia provides for imprisonment for a period not exceeding 3 years and a fine of no more than two million riyals, or one of the two penalties for each person who commits any of the classified information crimes; Including the appropriation for himself or others of movable money or a bond, or signing this bond by fraud, or taking a false name or impersonating an incorrect capacity. In the event that fraud crimes are combined with money laundering crimes, the offender shall be punished with imprisonment for a period of no less than two years and not exceeding 10 years, adding that he shall also be punished with a fine not exceeding 5 million riyals or with both.

Al-Hakami explained that Article 3 of the Information Crimes Control Law stipulated a prison sentence of no more than a year and a fine of no more than 500,000 riyals, or one of the two penalties. For every person who commits the crime of illegally entering a website, or entering a website to change the designs of this website, destroy it, modify it, or occupy its address.

Article 5 of the Anti-Cybercrime Law stipulates imprisonment for a period not exceeding 3 years and a fine of no more than two million riyals, or one of these two penalties. For every person who seizes for himself or for others a movable property or a deed, or signs this deed, by fraud, taking a false name, or impersonating an incorrect capacity.

The same penalty shall be imposed on whoever accesses – without a valid legal justification – bank or credit data, or data related to the ownership of securities to obtain data, information, money, or the services it provides.

#Slander #engineering

Leave a Reply

Your email address will not be published.