Understanding Social Engineering

CBWY Blog


With our reliance on technology, it is important to keep yourself informed to avoid falling victim to fraud. Chances are you have already been a target of a cybercriminal or fraudster. One common type of fraud is referred to as Social Engineering.

Social Engineering

Social engineering is a technique used to manipulate a victim into disclosing information or taking a specific action. Fraudsters will communicate with an intended target by saying they are from a trusted organization or financial institution.  They may even impersonate someone the target knows.

Once the fraudster has convinced the victim that they are the person, organization or financial institution they claim to be, they will always encourage the intended victim to take further action. This could be asking for sensitive information such as passwords, date of birth, money, or bank account details.

Social engineering attacks have grown increasingly sophisticated. Fraudsters will fake websites or emails to look realistic enough to trick the target into revealing personal information. When planning a social engineering attack, the fraudster’s goal is to prey on their target’s sense of familiarity. The fraudster is relying on the possibility that if a target is contacted by an organization or individual whose name they are familiar with, they are more likely to think the communication is legitimate.

Some social engineering attacks prey on people’s desire to avoid conflict. By making it seem like there is a threat to the target’s safety, fraudsters hope that the target will do what they are told without taking the time to think.

Fraudsters will also gather information about their target before making contact. They will use social media, Google and the dark web, or even go through someone’s trash to acquire personal information to use in their scheme.

Real World Scenario

One scenario is when a fraudster calls a victim pretending to be a representative from their financial institution. Fraudsters are able to spoof* the caller ID to make the call seem legitimate, and increase the chances of the target answering the phone.

Once they are on the phone with the target, they tell them there has been fraudulent activity on their account. The action that they need the target to take is to change their password for online banking. They create a sense of urgency, making the target believe that in order to protect their account they need to change their password immediately. In fact, the fraudster’s intention is to gain control of the victim’s bank account. They tell the target they are sending a one-time passcode and that the target needs to read it back to them as part of the reset process. When given the code, the fraudsters use it to access the account via “forgot password”. They then reset the password, giving themselves access to their victim’s bank account.

Avoid Falling Victim

When being targeted in a social engineering fraud, follow these tips to keep yourself from falling victim.

If an organization or financial institution calls asking for personal information over the phone, hang up. In fact, any time you question whether a phone call is legitimate, hang up. Then call the organization or financial institution directly. Do not call a phone number that has been sent to you within a suspicious email, text, or private message. Look up the organization’s customer service number, then call them back to make sure the original call was from a legitimate source.

Your financial institution will never call and ask you to verify your account or password, or ask you to click on a suspicious link.

Always take a moment to check the source and to think about where the communication is coming from. Don’t trust it blindly. Be wary when you feel a sense of urgency coming into a conversation. If you are feeling pressured, say you need time to get more information. Fraudsters are trying to trick you before you have time to assess whether the situation is realistic. When in doubt, always double check.

Everyone participating in social media assumes some risk of becoming a target of a social engineering attack. That does not mean you should opt out of getting involved. Educate yourself on the risks and take action to avoid becoming a victim. Pay attention to who wants to friend, follow, or share with you via social media. Check your privacy settings, and always think about what you post. Keep in mind that privacy settings do not necessarily keep you safe. Never post personally identifiable information such as birthdates, phone numbers, and addresses. Never post your social security number, banking, or other financial information, even through private messaging. Be aware of unsolicited contacts from strangers, and links sent via private messages, even if they come from people you know.

People are the weakest link in cybersecurity and a fraudster will take advantage whenever possible.

Our Online Security Center is designed to be your go-to resource for information and best practices that will help you recognize fraud before it’s too late. Our Online Security Center can be found at https://CommerceBankWyoming.com/Resources/Online-Security-Center.

*Caller ID spoofing is the use of fake caller ID information to mask the true source of an incoming call.
