Illustration showing a mobile phone with call buttons, text speech bubbles and a siren. Text in the picture: “It sounded really urgent, so I didn’t question it ...” No good story ever started this way. If a request arrives unexpectedly or seems suspicious, end the communication. Learn more now and prevent fraud.

“It sounded really urgent, so I didn’t question it ...”
No good story ever started this way.
If a request arrives unexpectedly or seems suspicious, end the communication.
Learn more now and prevent fraud.

Social engineering is a method used by attackers to try and obtain sensitive information or trigger a certain response in people by applying psychological tricks to manipulate them. The fraudsters’ techniques include pressure, deceit and specifically exploiting people’s trust in others. This manipulation often goes unnoticed and can basically affect anyone. That’s why it’s so important to stay vigilant and to protect your personal data.

Protect yourself against social engineering attacks by ...

  • disclosing as little information about yourself as possible. On social networks in particular, you should only ever divulge information very sparingly.
  • never letting anybody else know your passwords or codes – such as card PINs or online banking credentials. Access data and PIN codes belong to you and you alone!
  • being wary when receiving requests by email or telephone – especially if pressure is exerted on you. Even emails from known senders and telephone calls received from familiar telephone numbers can be fake!
  • for more information on how to protect yourself against fraud, please visit ubs.com/security.

Social engineering attacks often aim to elicit personal or confidential information (such as access data, passwords, etc.) from you, to then use it illicitly.

As a first step, criminals try to collect as much information about their victim as possible. That’s because this makes it easier for fraudsters to mislead people, for instance by pretending to be someone they know.

Social networks in particular, such as Facebook, LinkedIn, Instagram, etc., contain a great deal of personal information. Based on this data, attackers can then specifically address someone. Thanks to the information collected, they seem trustworthy.

Generally, the only protection is to maintain a healthy dose of suspicion towards strangers – but also towards people you (seemingly) know. It is also a good idea to think carefully about the information you disclose about yourself, and who you disclose it to.

In case of suspicion, end the conversation

If you are contacted unexpectedly or if anything seems suspicious in general, do not disclose any further information and end the conversation. You can report suspicious activities here.

Examples of social engineering attacks

  • You receive an email from your boss asking you to make an urgent payment.
  • You receive an email asking you to click on a link and then log in, or to disclose personal details.
  • Someone calls you to ask you questions for a survey (e.g. about how much you earn, security measures on your computer, etc.).
  • An attacker fakes the sender address of an email and pretends to be someone you know (potentially with an attachment containing malware).
  • Someone pretends to be an engineer (for instance working for a communication company, an electricity provider, etc.) and tries to gain access to your computer, house or company this way.
  • Some social engineering attacks even involve people purposely applying for a vacancy in a company to then proceed to steal specific information.