Fraud guide

What social engineering attacks are and how to avoid them

What is a social engineering scam?

A social engineering scam is when a hacker tries to trick you into giving over personal information about yourself, such as your login details or passcode for Anytime Banking.

Common types of social engineering attacks

Fraudsters might try and contact you via telephone, email, text or even through social media. Criminals will use social engineering to exploit your natural human inclination to trust other people.


Telephone fraud

Telephone fraud is one of the most popular methods of fraud. Here's some help to stop you being a victim

Information Message


Text message fraud

Is when a fraudster sends a text message to try and trick you into giving away your personal and security information.

Information Message


Email fraud

It's when you get emails pretending to be from legitimate sources, but they’re asking you to give away personal or private information.

Information Message

Other types

How to avoid social engineering fraud

Thankfully, it’s often fairly simple to spot a social engineering attack email or text message. There’s a few simple things you can look out for:

  1. 1

    Is everything spelt correctly and are you addressed by your name? Often fraudulent messages will have spelling and grammar errors and won’t address you correctly.

  2. 2

    Is what they are offering too good to be true? If it seems that way, then it probably is.

  3. 3

    Don’t download any attachments or click on any links, unless it is from someone you know and you were expecting it from them.

  4. 4

    Make sure your computer or laptop and antivirus software is up to date. If you do receive a fraudulent email, this will make sure your computer is protected if you do accidentally download an attachment with a virus.

  5. 5

    If you receive anything unexpected asking for your passwords or financial information, it is most likely a scam. If it appears to be from a friend or a company you know, give them a call to check if it was actually from them.