Social Engineering

What is Social Engineering? 

Put simply, social engineering encompasses a range of techniques that are used by fraudsters to trick a victim into performing certain acts or divulging sensitive information like passwords and credit card details. Social engineering scams use psychological manipulation by preying on human nature, vulnerabilities and trust to trick innocent victims into handing over sensitive information that can then be used to commit fraud. 

The term “social engineering” is a broad concept that encompasses a number of more specific techniques, which include: 

  • Phishing 
  • Smishing 
  • Vishing
  • Spoofing 

These are all variations of social engineering techniques that have been given their own names due to the shocking rise of social engineering scams and the need to more precisely differentiate one method from another. 

Although social engineering techniques are increasingly pervasive, such methods are seldom the crime by themselves. In most cases, social engineering is used as a tool that enables the practical completion of economic crimes such as SIM swap fraud, Business Email Compromise (BEC) scams, and stock theft.

Why are Social Engineering Attacks So Dangerous? 

Social engineering has become a significant threat due to its capacity to bypass even the most technologically secure systems by abusing the trust we place in one another.

Through subtle trickery and emotional manipulation, social engineering attacks have breached secure digital systems and pulled off devastating acts of fraud. 

There have been some incredibly high-profile social engineering attacks: celebrity social media accounts have been hacked and used to defraud through social engineering alone, while major corporations and banks have been defrauded after having their highly advanced digital security perimeters breached by nothing more than social engineering. 

Other examples of social engineering fraud include Business Email Compromise (BEC) scams that entail criminals faking professional and reputable email accounts in order to extract sensitive information from employees or “authorize” the payment of large funds into fake/malicious bank accounts. 

Know Your Customer (KYC) and Know Your Business (KYB) – How to Mitigate the Risk of Social Engineering Attacks 

Social engineering attacks can be difficult to protect against because they can come in so many different forms and from so many different avenues. 

From the perspective of businesses, social engineering scams can most effectively be guarded against by verifying the identities and information associated with business partners – vendors, suppliers, creditors, debtors and consultants are all business partners that can have their identity stolen by malicious scammers in order to defraud the victim business. 

These risks can be mitigated by using clear due diligence and Know Your Business (KYB) protocols that verify identities, validate information and assess risk. 

Know Your Business (KYB) Tools and Systems 

Fraud committed by business partners is a devastating and costly event for any business to fall victim to – business partners may commit. These risks can be mitigated by taking concrete steps to verify identities and validate information. 

1.) Business Registration Checks (CIPC)

Verifying the identity of a business, institution or organization is important to ensure its credibility and legitimacy. Failing to conduct such a check can expose a business to a heightened risk of falling victim to fraud and other financial crimes. In South Africa, a business registration check will pull data from the Companies and Intellectual Property Commission (CIPC) database. 

A comprehensive business registration check should return information regarding the company’s registration date, enterprise name and the duration of registration, tax and VAT numbers, as well as all the current and past director details that are linked to the provided company registration number. 

Business registration checks are an important tool for fraud prevention and risk mitigation. By gathering the information provided by a business registration check, a business can assess the legitimacy of a company and scan for important red flags that represent a heightened level of risk, thereby empowering the business to make informed decisions before proceeding with any transactions or relations. 

2.) Company Account Verification Services (AVS)

Account Verification Services (AVS) are an important tool for establishing the legitimacy of a company. 

Furthermore, company AVS checks are sometimes required by law as part of national AML/CFT legislation. In such instances, failure to comply with AML/CFT requirements can lead to harsh legal penalties. 

A comprehensive AVS check will confirm the validity of the bank account number provided by the company, as well as return detailed information concerning the full account details and type of account, the company name and the company registration number that is linked to the account details provided.  

AVS checks are also an important tool for fraud prevention and risk mitigation. As fraud schemes grow more complex, fraudulent businesses employ increasingly complex tactics to appear legitimate – for example, a recently opened account is a common yet serious red flag. By conducting an AVS check, a business can assess the legitimacy of a company and scan for red flags, thereby empowering the business to make informed decisions and reduce the risk of falling victim to advanced fraud schemes. 

3.) Company Credit Reports 

Assessing a company’s credit score is an important step in verifying its legitimacy and credibility.

When conducted properly, a comprehensive company credit report should return a credit summary of all associated directors, as well as a calculated company risk score that takes several factors into account in order to generate a detailed and accurate assessment of the credit risk level of a company. 

As part of their national AML/CFT legislation, many countries legally obligate businesses, institutions and organizations to conduct detailed credit assessments before engaging in a wide variety of transactions – in South Africa, Accountable Institutions (AIs) are subjected to an array of such regulatory compliance obligations. 

Furthermore, as with company registration checks and company AVS checks, company credit reports are an important tool that a business can use to scan for red flags and mitigate the risk of fraud. 

4.) Company Sanctions Checks

It is important to check whether a business is under any sanctions, features on any watchlists or is politically exposed. Failing to conduct a sanctions check can have serious consequences and has the potential to cause serious harm to a business for several reasons. 

Firstly, conducting business with an organization that is under sanction can put your business in serious breach of the law. If a business is found guilty of violating sanctions, regulators and law enforcement can impose strict penalties and costly fines, or even impose new sanctions on the business itself as punishment for violating sanctions law. 

Secondly, conducting business with a company, institution or organization that is politically exposed or has a lot of adverse media published about it risks exposing a business to controversy and public fallout that can cause serious harm. By conducting a sanction check, a business can know exactly who it is about to go into business with and therefore make informed decisions about whom it associates with.
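
The four checks above are most useful when their results are cross-checked against each other, for example before acting on a "changed banking details" request of the kind used in BEC scams. The following is an added example, not ThisIsMe's code or API: the record shapes, the 90-day account-age threshold, the account opening date field and all sample values are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass
from datetime import date

@dataclass
class Registration:      # assumed shape of a business registration check result
    reg_number: str
    name: str
    directors: list

@dataclass
class AvsResult:         # assumed shape of an account verification result
    account_valid: bool
    name: str
    reg_number: str
    opened: date         # assumption: the provider reports the account opening date

SUFFIXES = {"pty", "ltd", "limited", "proprietary"}

def norm(name):
    """Lower-case, drop punctuation and legal-form suffixes before comparing."""
    words = re.findall(r"[a-z0-9]+", name.lower())
    return " ".join(w for w in words if w not in SUFFIXES)

def kyb_red_flags(reg, avs, watchlist, today, min_age_days=90):
    """Return the red flags raised by cross-checking the KYB results."""
    flags = []
    if not avs.account_valid:
        flags.append("bank account failed verification")
    if avs.reg_number != reg.reg_number:
        flags.append("account is linked to a different registration number")
    if norm(avs.name) != norm(reg.name):
        flags.append("account holder name differs from registered name")
    if (today - avs.opened).days < min_age_days:
        flags.append("bank account recently opened")
    listed = {norm(n) for n in watchlist}
    for party in [reg.name, *reg.directors]:
        if norm(party) in listed:
            flags.append(f"watchlist match: {party}")
    return flags

# Constructed sample data (not real companies, accounts or people).
REG = Registration("2015/000001/07", "Example Supplies (Pty) Ltd", ["A. Director"])
GOOD = AvsResult(True, "EXAMPLE SUPPLIES PTY LTD", "2015/000001/07", date(2016, 3, 1))
# Bank details as they might arrive in a fraudulent change request:
SWAPPED = AvsResult(True, "Example Suplies Trading", "2024/000002/07", date(2024, 5, 20))
TODAY = date(2024, 6, 1)

if __name__ == "__main__":
    for label, avs in [("on file", GOOD), ("change request", SWAPPED)]:
        print(label, kyb_red_flags(REG, avs, ["Sanctioned Person"], TODAY) or "no flags")
```

Any non-empty result is a reason to pause the payment and confirm the details through a contact channel already on record, not the one the request arrived on.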

Identity Verification, Data Validation and KYB Services for South Africa 

By conducting these checks on businesses, you can better ensure that you are not doing business with malicious actors who are trying to fool, manipulate and defraud your business. 

As South Africa’s leading provider of world-class due diligence and remote-onboarding solutions, ThisIsMe is proud to be at the forefront of a trust-based and privacy-compliant digital world. To experience our full suite of advanced due diligence services and see how we can empower your business, contact our team.