What is Digitalization?
Digitalization refers to the use of digital technologies and data, as well as the interconnection that results in new technologies or changes to existing ones.
In the recent past, digitalization has intensified, especially in industries like banking.
For example, most banks provide Internet banking facilities as well as mobile apps for transactions. These technologies make banking facilities more convenient for customers.
However, it has also increased the threat of social engineering.
What is social engineering?
Social engineering is a broad psychological manipulation technique used to trick people into revealing confidential information or granting access to restricted systems.
These attacks can happen via phone calls (vishing), text messages (smishing), emails (phishing), or even face-to-face encounters. In the recent past, social engineering attacks have increased and some people have lost money after becoming victims of such attacks.
Very often people are tricked into giving their personal banking information through the methods mentioned above. For example, a customer may receive a call from someone pretending to be a customer representative of a bank who tries to obtain personal information which may later be used to access the customer’s account.
How to Protect Yourself from Social Engineering Attacks
1. Use Strong Passwords
Strong, unique passwords are your first line of defense. Cybercriminals often launch phishing attacks to gain access to personal accounts. Use complex passwords, ideally at least 16 characters long with a mix of letters, numbers, and symbols, to protect against such attacks.
2. Check Links and Attachments Before Clicking
Never click on unsolicited links or download attachments from unknown sources. Always hover over links to verify their destination. If the URL looks suspicious, avoid it. Use tools like Google Transparency Report to check whether a link is safe.
3. Don’t Share Personal Information
Never disclose personal or sensitive information over the phone or via email, especially to strangers. Always verify the identity of the person requesting the information before responding.
4. Be Cautious with Unfamiliar Emails
Be wary of emails offering large sums of money or asking you to send payments for document courier services. Ask yourself: Why would a stranger go out of their way to help me financially? These tactics often exploit human emotions like greed or curiosity.
5. Avoid Oversharing on Social Media
Oversharing personal information on platforms like Facebook or Instagram gives attackers valuable data. They can use this to craft more convincing and targeted attacks. Keep your accounts private and think carefully before sharing personal updates or photos.
6. Verify the Website URL Carefully
Always check that the website address begins with “https://” and contains the bank’s official domain name. Fraudulent sites often use slight variations (e.g., banklanka.com vs. banklanka.com). Bookmark the official site and access it directly instead of clicking on email links.
7. Look for Security Certificates
Click on the padlock icon in your browser’s address bar to view the site’s security certificate. If the certificate is invalid or the issuer looks suspicious, do not proceed.
8. Enable Two-Factor Authentication (2FA)
Even if attackers steal your login credentials, two-factor authentication (such as SMS codes, authenticator apps, or biometrics) adds an extra layer of protection. Always enable 2FA for online banking.
9. Use Official Apps Instead of Browsers
Access online banking through the bank’s official mobile app, downloaded from trusted app stores. Apps are harder to mimic compared to websites and usually offer more security features.
10. Watch for Poor Design and Grammar
Fake websites often have spelling mistakes, unusual fonts, or poor-quality logos. Banks maintain professional, consistent branding, so these small errors can be red flags.
11. Check Contact Information
Legitimate bank websites provide valid customer service numbers and addresses. Cross-check these details with official bank documents before entering any information.
12. Use Secure Networks Only
Avoid logging into bank accounts over public Wi-Fi (e.g., in airports, cafés). Hackers can intercept data over unsecured networks. Instead, use a VPN or your mobile data connection for sensitive transactions.
13. Enable Browser Security Features
Modern browsers like Chrome, Firefox, and Edge warn users if they are about to visit a known phishing site. Keep your browser updated and do not ignore these warnings.
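As an added illustration of steps 2 and 6 (not part of the original article), the Python sketch below applies the URL check to a few constructed links. It treats banklanka.com, the article's example name, as the bank's official domain, which is an assumption; the function name and the sample links are also made up for the example. It shows that the host must equal the official domain or be a subdomain of it, because a link can contain the bank's name without leading to the bank.

```python
from urllib.parse import urlsplit

# Assumption: the article's example name stands in for the bank's real domain.
OFFICIAL_DOMAIN = "banklanka.com"


def check_bank_url(url, official=OFFICIAL_DOMAIN):
    """Return (ok, reason) for a link that claims to be the bank's site."""
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        return False, "not https"
    host = (parts.hostname or "").rstrip(".")  # hostname is already lower-cased
    if not host:
        return False, "no host in link"
    if parts.username is not None or parts.password is not None:
        return False, "text before '@' is not the host; real host is " + host
    labels = host.split(".")
    if not host.isascii() or any(label.startswith("xn--") for label in labels):
        return False, "internationalized host, may be a look-alike"
    # Exact match or a true subdomain; the leading dot rules out 'mybanklanka.com'.
    if host == official or host.endswith("." + official):
        return True, "host matches the official domain"
    if official in url:
        return False, "bank name appears in the link, but the host is " + host
    return False, "unrelated host " + host


# Constructed sample links for the demonstration.
SAMPLES = [
    "https://www.banklanka.com/login",
    "http://www.banklanka.com/login",
    "https://banklanka.com.secure-login.example/",
    "https://banklanka.com@login.example/",
    "https://mybanklanka.com/",
    "https://xn--bnklanka-example.com/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        ok, reason = check_bank_url(link)
        print(("OK    " if ok else "REJECT"), link, "-", reason)
```

Only the first sample passes; each of the others contains or resembles the bank's name but fails on scheme or host.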
Conclusion
In conclusion, while digitalization has significantly improved convenience and efficiency in sectors such as banking, it has also exposed individuals to increasing risks, particularly in the form of social engineering attacks.
These attacks exploit human behavior rather than technological weaknesses, making them more difficult to detect and prevent.
As highlighted, many individuals have already suffered financial losses due to a lack of awareness and precaution.
Therefore, safeguarding oneself in the digital age is no longer optional but essential. By adopting simple yet effective measures such as using strong passwords, verifying links and identities, enabling two-factor authentication, and avoiding the sharing of sensitive information, individuals can greatly reduce their vulnerability to such attacks.
Ultimately, awareness and vigilance are the most powerful tools in combating social engineering.
As technology continues to evolve, individuals must also stay informed and proactive to ensure their personal and financial security in an increasingly digital world.
About Writer: M. Dimuthu Suranjana
The writer is an IS Audit Expert holding CISA-ISACA (USA) and a senior Chartered Accountant with over 20 years of experience, primarily in the banking sector, currently working as AGM-Audit at National Savings Bank (NSB). He is a visiting lecturer at PIM, CA Sri Lanka, and IBSL.