In this digital era, cybercrimes are widespread and easily committed. According to cybercrime statistics, an average of 2,244 cybercrimes happen daily. 

Hackers and scammers use social engineering to exploit the emotions of unsuspecting victims and manipulate them into sharing confidential data about themselves. These data breaches could cause significant losses to the victims.

In this blog post, we will explain the different types of social engineering and how to protect yourself against them. 


Phishing is an attack where scammers pose as legitimate individuals or businesses to collect personal information from unsuspecting users. 

Users usually receive genuine-looking emails that lead them to a fake website, where they are tricked into revealing sensitive information such as their passwords or bank details.

The following are the various types of phishing:

[Image: Types of phishing that could affect your online trading account.]


Keystroke logging, or keylogging, is the act of secretly recording keystrokes on a keyboard. Scammers often use a keylogger, either a programme (software) or a physical device (hardware), to capture the keystrokes, and then use the collected data for illegal activities.

Types of keyloggers

Software keyloggers are apps and computer programmes that are secretly installed onto your device by a hacker through phishing attacks or remote downloading. In addition to tracking keyboard activity, some software keyloggers can also capture screenshots and information copied to your clipboard. These keyloggers can be detected and removed by antivirus software.    

Here are a few examples of software keyloggers:

[Image: Types of software keyloggers or keylogging programmes.]

Hardware keyloggers are usually hidden in plain sight, as they are built into or connected to your device. Unlike software keyloggers, these keyloggers cannot be detected by antivirus software.

Here are a few examples of hardware keyloggers:

[Image: Types of hardware keyloggers or keylogging devices.]

Man-in-the-middle attack

While having free public WiFi wherever you go does seem convenient, it comes with risks. Public WiFi networks are susceptible to man-in-the-middle (MitM) attacks.

MitM attacks happen when a malicious third party pretends to be a legitimate middleman and intercepts communications between two parties. When a user decides to browse a certain website, the third party interferes and sends the user to a fraudulent site instead.

Here are a few examples of MitM attacks: 

[Image: The different types of MitM attacks that could affect your online trading account.]


As implied by its name, scareware is malware that intends to scare users. By creating fake warnings, scammers intimidate users into installing malicious software or visiting websites that will corrupt their devices. 

This message is an example of scareware: 

[Image: An example of scareware claiming that malware has been detected on your device.]


Have you ever received a random email for the delivery of an order you never made? If you have, a scammer may have attempted to bait you. Scammers who use this method of social engineering depend on feelings of curiosity or greed to trick users. 

[Image: A baiting email that may redirect you to a malicious website or download malware to your device if you click on the links.]

Be wary of random or unfamiliar websites offering free downloads of ebooks, music or movies, which only require you to create an account. The details you share are exactly what scammers want. The files you download could also contain malware that collects personal information.

Baiting can also happen in physical form. If you see a USB device or an external hard drive unattended somewhere, ignore it. Scammers leave infected devices lying around as bait to corrupt the devices they are plugged into. 

6 tips to secure your Deriv account 

Now that you’re familiar with various social engineering attacks, here are some helpful suggestions to protect your Deriv account from hackers.

1. Don’t click on random links.

Be sure that the URL begins with HTTPS and not HTTP, and always pay attention to the spelling, characters, and other irregularities that can be found in the URL. HTTPS only shows that the connection is encrypted, not that the site is genuine, so check both. If you find that our official website doesn’t begin with HTTPS, or that Deriv is spelt incorrectly, don’t enter your personal information.

If you receive an email from a familiar organisation requesting you to confirm your login details on another website, try accessing the website without clicking on the link provided. Don’t click on links that redirect you to an external website.
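The URL checks from this tip can be automated. The sketch below is an added example, not Deriv's own code: it flags a missing HTTPS scheme, text placed before an `@`, look-alike characters, and hosts that misspell or merely embed the brand name. The official domain `deriv.com` and all sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

OFFICIAL = "deriv.com"  # assumption: official domain, not stated on this page


def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of the brand."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_url(url, official=OFFICIAL):
    """Return warnings for a link; an empty list means no red flag was found."""
    warnings = []
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".")
    labels = host.split(".")
    brand = official.split(".")[0]

    if parts.scheme != "https":
        warnings.append("not HTTPS")
    if parts.username is not None:
        # In https://deriv.com@other.example/ the real host is other.example.
        warnings.append("text before '@' disguises the real host")
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        warnings.append("non-ASCII or punycode host (look-alike characters)")

    if host == official or host.endswith("." + official):
        return warnings  # host itself is the official domain or a subdomain
    warnings.append("host is not the official domain or a subdomain of it")
    if any(0 < edit_distance(l, brand) <= 1 for l in labels):
        warnings.append("near-miss spelling of the brand")
    elif any(brand in l for l in labels):
        warnings.append("brand name embedded in an unrelated domain")
    return warnings


if __name__ == "__main__":
    # Constructed sample links, not taken from any real campaign.
    for sample in ["https://app.deriv.com/", "http://deriv.com/",
                   "https://der1v.com/login", "https://deriv.com@login.example/",
                   "https://deriv.com.secure-login.example/"]:
        print(sample, "->", check_url(sample) or "no red flag")
```

An empty result only means none of these specific red flags was found; it does not prove that a site is genuine.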

2. Double-check message contents.

Thoroughly examine the emails and messages you receive to confirm if the tone and content match those of the sender. Additionally, observe whether there are spelling and grammatical errors in the message. Most legitimate businesses carefully craft their messages before sending them to you (yes, that includes us!).

Notice something fishy? Copy the content of the email and look it up on a search engine to check if it’s a popular phishing scam, or get in touch with the sender through a phone call or alternate email address.

Deriv will only contact you through [email protected] or [email protected]. So if you receive an email from us which did not come from these email addresses, contact us via live chat and report the email.

3. Shield yourself.

Make sure your operating systems and antivirus software are regularly updated. Our website and apps are constantly upgrading and improving, so keep your device up-to-date and consistently update your apps.

We also recommend using a Virtual Private Network (VPN) to encrypt your connection when trading with us, especially if you’re accessing sensitive information.

4. Turn off auto-connect settings.

You can avoid MitM attacks by ensuring your devices don’t automatically connect to WiFi and Bluetooth networks. Better yet, turn WiFi and Bluetooth off unless you need to use them.

We discourage connecting to public WiFi as hackers could create fake WiFi networks with names of legitimate individuals or businesses nearby. To ensure you are connecting to a real, secure, and reliable public WiFi network, double-check the WiFi credentials.

5. Set a strong password.

Your password should be unique, containing a mixture of numbers, symbols, and uppercase and lowercase letters. Exclude personal information such as your name or birthdate.

Change your password regularly and try not to use the same password for multiple accounts. Password managers can help store your passwords and recommend stronger passwords.

Additionally, enable 2FA using your mobile device or email. Accounts that require a password and 2FA tend to be more secure than those only requiring passwords.

6. Be aware of your surroundings.

Never leave your belongings unattended. To prevent keyloggers from being implanted in or infecting your device, always ensure your gadgets are within view and look out for odd electronics that seem out of place.

Don’t let your curiosity get the best of you if you find stray USB devices or external hard drives. You don’t want to invite malware into your device yourself, do you?

Don’t fall victim to social engineering! Make sure your Deriv account is secure by following these tips.
