What is Social Engineering?

Social engineering at its core is neither good nor bad. It is a set of skills that focus on behavioural manipulation that can be used by anyone in order to persuade someone into doing something or providing information for the manipulator's benefit. 

This article will cover some of the basics of social engineering from the perspective of a phishing attack and how fraudsters might use these techniques to trick people into revealing sensitive and personal information about themselves.

Social engineering is employed in phishing campaigns to manipulate people's trust and emotions in order to exploit them.

The goal of social engineering, in relation to phishing campaigns targeting financial institutions such as N26, can range from obtaining sensitive information like passwords or financial data to gaining unauthorized access to systems or facilities.

Fraudsters might use techniques where they claim that they're working for N26 (such as in the fraud department) and ask you to confirm and/or share personal information such as email address, password, or login codes. In some cases, they might claim your account is in danger and you need to move your money to a safe account.

There are different types of approaches used by fraudsters. For example, some might fear, anxiety, and urgency, to manipulate their victims into following their request. By saying that they're from a government agency. They may use threats to the customer, saying that if they don’t comply, something bad will happen to them or they'll get into trouble with authorities.

Fraudsters might also try to build a more positive rapport with a potential victim where they come across as helpful and friendly. They might say that they noticed something wrong with the victim's account and want to help them protect their money from being stolen, but they need to act fast to prevent this from happening.

While the approaches can be different, there are similarities. The fraudsters are using urgency and playing on fear to elicit compliance from the potential victim. In both cases is to interrupt the decision-making process so that the victim acts on instinct rather than logic.

• Never share sensitive information with anyone you don’t recognise. N26 will never ask you to confirm things like your card number, account balance, password or pin codes.
• If you have received a suspicious contact or are unsure if it’s from N26 or not, you can always contact us and check at support@n26.com (new tab) or enter our Support Chat: How to contact N26
• If you receive a cold call from anyone claiming to be N26 this is a scam, we'll never call you without your permission. You can find out more here: How will N26 contact you
• Remember, N26 will never ask you to perform transactions or move money from your account or N26 Spaces.
• If you believe you have been a victim of phishing, you can find out more here: What is phishing?