Social engineering – do not let yourself be interrogated

Obtaining information by phone or email is a common way of getting to your data – or your money. The caller will put pressure on you (“if you do not give me your password, your access will be blocked”) and thereby try to manipulate you. Consistently refer callers who wish to ask questions about federal affairs to your communications unit and inform your superior about such calls or emails.

Beware:
Such requests can also be made by email. In this case, delete the email immediately with the key combination Shift+Delete!

  1. Do not trust every caller or email.
  2. Do not let yourself be intimidated or pressurised.
  3. Never disclose passwords or PINs on the phone or via email.
  4. Do not disclose any business information to strangers.
  5. End implausible calls immediately and delete emails with obscure content straight away.

Further information

What is social engineering?

Social engineering is interpersonal manipulation with the aim of causing people to behave in a certain way, e.g. to divulge confidential information, to buy a product or to release funds. Social engineers spy on their victim's personal environment, simulate identities, or exploit behaviours such as obedience to authority to obtain sensitive information or unpaid services.

What is phishing?

Phishing is a well-known and impersonal variant of social engineering. In this variant, fake e-mails with a trustworthy appearance are sent to the potential victims. Such a message may claim, for example, that a certain service has a new internet address (URL) and prompt the user to log in only on this page when using the service. This fictitious site is a copy of the original website of the service provider in terms of design and layout, which is intended to lull the victim into a false sense of security. This is how criminals get hold of login names and passwords.

Beware of false money promises

Promises of money are exceptionally dangerous. In such cases people make contact (by letter or by phishing mail) and claim to have received a large inheritance. In order to take possession of the inheritance, however, they insist they need the help of someone who is willing to make his or her bank account available to receive the payout. The reward offered for this 'help' is princely (usually several million).
What happens now?
Once the victim has transferred his or her account information, an attacker can plunder the bank or postal account. However, often the victim is also required to transfer funds to cover the legal costs needed to trigger the payment of the expected millions.
It should be self-evident that once the money has been transferred, contact ceases.

Last modification 04.05.2019

https://www.isb.admin.ch/content/isb/en/home/themen/sicherheit/informationssicherheit/social_engineering.html