As a consumer or a business, it is important to stay informed and knowledgeable about how to protect yourself and your business from cyber scams, including social engineering, identify theft and phishing.
These are some of the most common cyber scams to gather sensitive or financial data to steal or extort money from an individual or business. This information is to help educate our customers, to stay diligent in protecting their personal, financial or other sensitive data.
What is Social Engineering?
Social engineering is the psychological manipulation of people into performing actions or divulging confidential information. Using various Social Engineering methods the criminal can circumvent security measures in order to get access to sensitive information like passwords or bank account details or may even gain unauthorized access to systems.
Some of the more prevalent social engineering forms are phishing, vishing, ransomware or pretexting.
- Malware – This is short from malicious software, is an umbrella term to refer to a variety of forms of hostile intrusion software.
- Virus – A computer virus is a malicious program designed to damage a computer system that can replicate itself and spread to other computers.
- Spyware – This is any software that covertly gathers user information through the user’s Internet connection.
- Phishing – When an email masquerading as a trustworthy email is sent to the user is attempting to acquire sensitive information such as usernames, passwords, or other sensitive data.
- Spear-phishing – Spear-phishing is an email spoofing that targets a specific organization seeking unauthorized access to confidential data.
- Pharming/Minnowing – This is where malicious code is installed on a personal computer or server misdirecting users (family or children) to fraudulent websites without their knowledge or consent.
- Text Smishing – This is the attempt to acquire personal information such as passwords or account details by masquerading as a trustworthy sender in a text message.
- Vishing – This is where a fraudster attempts to use social engineering over a telephone system to gain access to private personal and financial information from the public for the purpose of financial gain.
- Key logger – This is a type of software that captures all of your key strokes, mouse clicks, and screen pics, then transmits all recorded information to the fraudster allowing them access to your accounts within minutes.
- Pretexting/Spoofing – This is a social engineering technique in which a fictional situation is created for the purpose of obtaining personal and sensitive information from an unsuspecting individual. It usually involves researching a target and making use of his/her data for impersonation or manipulation.
Learn more about scams
The following sites regularly update information in regards to scams impacting consumers.
How you can protect yourself from becoming a victim
There are several ways to protect yourself to avoid becoming a victim to social engineering.
- Do not share sensitive information over a phone call with anybody, even if he/she claims to be from the bank. If you have any suspicion, contact the bank/person directly.
- Do not call a number sent in a voicemail or text message. Validate the phone number through the official bank website or on the back of your bank card or from other trusted sources.
- Be suspicious if a business, government agency, or organization asks you to click on a link that then asks for your username or password or other personal data. Instead, type in the web address for the organization or call them. The link in the email may look right, but if you click it you may go to a copycat website run by a scammer.
- Be cautious about opening attachments. A scammer could even pretend to be a friend or family member, sending messages with malware from a spoofed account.
- Check your credit reports regularly. Remain aware of your credit score and credit activity by obtaining a free copy of your credit report from each of the credit reporting bureaus per year: Equifax, Experian, and the Trans Union using a central website: www.annualcreditreport.com or call 1-877-322-8228.
- Monitor your account statements to ensure that you recognize all activity.
- Limit what you share on social media sites. Avoid posting when you are out of town, as it can alert thieves to an empty house. Also, don't publicly share personal information like your phone number or address; scam artists can take advantage of this information.
- Avoid doing any business or banking on unsecured Wi-Fi networks that don't require a password.
- Shred all important documents. This includes tax information, credit card statements or any other financial documents.
- Keep your computer safe. Update your virus protection software, change passwords often, and shop on trustworthy websites that are secure. To ensure that a website is safe, look for a lock symbol in the URL menu bar or the "https" in front of the website address in the search bar.
- Set your security software to update automatically, and back up your files to an external hard drive or cloud storage. Back up your files regularly and use security software you trust to protect your data.
- Cut up and destroy all credit cards before throwing them away. Consider opting out of any pre-approved credit card offers, which can easily be stolen from mailboxes by identity thieves.
- Lastly, report phishing emails and texts by forwarding them to firstname.lastname@example.org and filing a report with the FTC.