Social engineering is a method of unsanctioned access to a user’s informational resources, the process based on human psychology peculiarities. Like the other hackers and burglars, the social engineers’ primary goal is gaining access to an individual’s personal data with an intention of information, password, etc. larceny. In this case, a subject of assault is not the computer, not even the information system of E-Pul, but the user himself, and that is the main distinction from a standard cyber attack. That’s why social engineers’ methods and techniques are focused on using any weaknesses of the human element, which is considered being extremely destructive as a simple telephone talk can offer the hacker some information about the individual, not to mention the spurious letters the hackers usually send for acquiring information. These attacks could be prevented on the condition the individual is aware about the most widespread kinds of fraud, realizing what it is that the malefactors wish for, thus organize an appropriate safety policy.
Pretexting is a set of actions, carried out in accordance with a certain, predefined scenario (the pretext). This technique involves vocal facilities usage, such as telephone, Skype, etc. for gaining information from an E-Pul user. Generally, after introducing themselves as some kind of a third person or pretending being an E-Pul employee, the victim is asked to inform about his password or authorize on a particular fishing web page, thus making the victim perform an indispensable action or give out certain information. Requests involving dropping or changing the current telephone number on the E-Pul account to the one offered by the hackers, are also possible, and that is what allows the malefactors gain absolute control over the victim’s account. In most cases, the given technique requires some primordial knowledge on the victim (for instance, some personal data like dates of births, telephone numbers, account numbers etc.). The most widespread strategy is using at first some modest inquiries as well as mentioning real people’s names in the organization.
Fishing is a kind of internet fraud, the main goal of which is to gain access to social network, payment systems, different types of sites users’ confidential data. It is probably the most popular scheme for social engineering nowadays. There is not a single large information leak that occurs without the presence of fishing distribution that follows. The fishing’s primary goal is an illegal gain of confidential information. One of the most striking examples is when a victim receives a letter on the email, fabricated for an official letter from a bank or a payment system – that strictly requires check-up of certain information or doing certain things. There could be loads of reasons for “letters” to come. For example, data loss, system breakage and etc. Such kinds of letters usually have a link to a false web page, the URL of which is much like the real website’s. There is always a form to fill, when entering those sites. Any information, entered by the user on the above-mentioned website is directly available for the swindlers.
Different programs, located in the computer without the user’s consent, and that could be quite harmful are called malware, or harmful software. Viruses, worms, and Trojan horses are some famous examples of such problematic programs. Harmful programs, most commonly enter the computer through the Internet or by email. If there is any mistake in the URL address of the site, or just accidentally an unknown site is entered, one can hit a dangerous website with “aggressive” content or harmful programs. One of the most widespread methods of confidential information theft is the infection of the users’ computers by viruses and other types of harmful software. Be attentive! Don’t trust sites that offer You install any kind of software, spread on behalf of E-Pul, don’t move on web links and don’t install any apps or safety upgrades, that have come through SMS messages or email, even if they are from E-Pul.
E-Pul Safety advices
The main safety rules, that are recommended to the users electronic payment system of E-Pul:
- Never inform anybody of Your password, including the staff members from payment systems.
- Always check that the internet connection process is taking place in safe mode of SSl – in the right lower corner of the browser there must an icon symbolizing closed lock.
- Check that the connection is strictly made with the payment system address or internet bank.
- Make sure the computer isn’t struck by any kind of viruses. For that, install and activate antiviruses and firewalls. These antiviruses should constantly be upgraded because there are some viruses that transform the information of Your password to third party.
- Use software that come from trustworthy and reliable sources, and always perform regular upgrades.
- Think of a complicate password for Your electronic purse. Try to leave out any signs of personal data in Your password like names, birth dates, etc. At the same time, don’t use account or email passwords in social sites. Try to make a unique parole for every occasion.
- Don’t inform or transform or send Your electronic purse password, when a request comes from electronic payment sites, to confirm Your login or password.
- If there’s such a possibility, use a virtual keyboard on the display where You enter the password.
- Never save any information about Your password on any bearers, including the computer. If you have any suspicions that anyone has access to Your personal cabinet, change the password and block Your bank account/invoice.
- Be careful while entering sites with doubtful content. That is where new Trojans (spy programs for secret data transfer) are located, and there are maybe not enough facilities to destroy them using Your antivirus (if You happen to use it).
- After You finish Your work, push the button “Exit”.
- Don’t trust strangers that promise a present for a driblet, asking for a low sum of money, for a “share interest” or “translation design”.
- Don’t participate in financial intrigues, machinations or pyramids that secure instantaneous income and demand means enclosure.