   Social Engineering Frequently Asked Questions

I recently received an E-mail that appeared to be from my bank, but it had a link to a Website I did not recognize. What is going on here?

 

It is very likely that this E-mail is a phishing scam. The term ‘phishing’ (pronounced ‘fishing’) refers to a relatively new form of social engineering that has evolved in recent years. In a phishing attack, the attacker(s) attempt to convince you to disclose key credential information about yourself. This information is captured by the attackers either via the same E-mail you have received, or by directing you to a ‘fake’ website where you are prompted to enter it. Once entered, this information is normally E-mailed to the attacker, or stored in a database for later retrieval.

 

What are some indications that an E-mail is a phishing attempt instead of a legitimate message?

 

Phishing E-mails usually share some common traits. These include:

Stating that some “emergency” situation, such as a server crash, requires you to access your account to “confirm” its validity
Stating that unless you perform some action immediately, your account will be frozen
Directing you to click on a link in the E-mail which does not correspond to an address you recognize
Asking that you provide your password or PIN
 
What should I do if I receive an E-mail that I believe to be a virus or phishing scam?
 

If you receive a suspicious E-mail, it is often best to simply delete it. If the sender is someone you know, you can contact them to see if they really sent that message, and verify its contents. If you receive an E-mail that appears to be a phishing scam, you can contact the business that it appears to originate from to confirm its validity. Many organizations, such as banks, also have a way to report suspected phishing attempts. You can usually find out about these through their Website.

 

I recently received a call from a recruiter that was asking a lot of questions about my current project. Is this normal?

 

A method that social engineers use to gather information is to pretend to be a recruiter. They then ask you for information regarding a project you may be currently working on, requesting many details. When speaking with a recruiter, keep your conversation to the skills you use at work, without revealing details of specific projects. For example, it is OK to state that you are a project manager for a team of 40 people working on a network deployment. There is no need to go into details of how the network is designed, or what specific hardware you are using.

 

My company has a policy that all employees need to swipe their badge to gain entry to our building. However, I know many of the people that work here, and will often just hold the door for them as a matter of courtesy. Is there any risk in doing this?

 

The reason your company has this policy is to prevent unauthorized people from entering your building. Although you may think you know who is allowed into the building, you do not know if they were recently fired, or had some other change in their status. You should follow your company’s policy, and require that anyone entering behind you swipe their badge.

 

How can I protect myself from social engineering?

 

The best tool for preventing being victimized by social engineering is to keep up-to-date on current social engineering ploys. Always question any request you receive for sensitive information. If you receive an unusual request, check directly with the apparent originator (for instance, call your bank if you receive an E-mail from them asking for sensitive information). You should also frequently check Websites that provide security information, such as the aeCERT Website at www.aeCERT.com.

 

Why are social engineers successful?

 

Yes. As per the TRA regulation PC to PC is legal and can be used.

 

I am preparing to leave the office for a period of time. What can I do to help prevent having a social engineer use my absence as a method for obtaining information?

 

A good source of information for a social engineer is voice mail recordings or E-mail Out Of Office Messages (OOOM) indicating that you will not be in the office. These tell the social engineer that you may not be available to immediately answer questions. If you provide an alternate contact, make sure that person knows what projects you are working on, and with whom you are working. This way, a social engineer will have a hard time tricking them into divulging information by pretending to be a member of your team that requires sensitive information during your absence.

 
What are some indications that a Website link provided in an E-mail may be fraudulent?
 
The link takes you to a page whose address starts with http:// instead of https://
The log-in page is not a secure page. You can determine this by looking for a small padlock image along the bottom of your Web browser
The address that appears in the address bar of your browser is different from the one you usually use to access that account
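The first and third indications above can be checked mechanically before a link is ever clicked. The following is an added example (not part of the original FAQ) that parses the link address and reports whether it lacks https:// or points at a host other than the one the reader normally uses; the host name bank.example is a constructed placeholder for the reader's own bank.

```python
from __future__ import annotations
from urllib.parse import urlparse

# The host(s) the reader normally uses to reach the account (constructed sample).
KNOWN_HOSTS = {"bank.example"}


def same_site(host: str, known: str) -> bool:
    """True if host is exactly the known host or a subdomain of it.

    Comparing the end of the name (rather than the start) is what keeps a
    lookalike such as bank.example.evil.example from passing as bank.example.
    """
    return host == known or host.endswith("." + known)


def link_warnings(href: str, known_hosts: set[str] = KNOWN_HOSTS) -> list[str]:
    """Return the FAQ's warning signs that apply to a link found in an E-mail."""
    warnings: list[str] = []
    parsed = urlparse(href.strip())
    # hostname drops any user@ prefix and port, so "bank.example@evil.example"
    # is correctly recognised as evil.example.
    host = (parsed.hostname or "").lower()

    if parsed.scheme != "https":
        warnings.append("address starts with something other than https://")
    if not host:
        warnings.append("link contains no recognisable host name")
    elif not any(same_site(host, k) for k in known_hosts):
        warnings.append(f"host '{host}' differs from the address you usually use")
    return warnings


if __name__ == "__main__":
    # Constructed sample links, as they might appear in a suspicious E-mail.
    for link in (
        "https://online.bank.example/login",
        "http://online.bank.example/login",
        "https://bank.example.evil.example/login",
        "https://bank.example@evil.example/login",
    ):
        print(link, "->", link_warnings(link) or ["no warning signs"])
```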
 
I think I may have been a victim of social engineering and have compromised my bank account. What should I do?
 

If you believe that you have been victimized by a social engineer using a ploy such as phishing, you should contact your bank to notify them of this situation. They may be able to stop any fraudulent transactions, in addition to changing your account and/or password so the social engineer cannot access your account.

 
 
 
 
©Copyright 2008 TRA. All rights reserved