Protect Yourself From Social Engineering Attacks
Social engineering attacks have one goal—to trick you into divulging information. Most commonly, these attacks land in your life through your email or phone. The senders and callers sound familiar in an effort to gain your trust. But in the end, they're only interested in information you should never hand over, like your Social Security number, login information and other private data.
A keen eye for the tell-tale signs of these fraud attempts will help you protect yourself from an attack and keep your information secure.
Types of social engineering
There are four main types of social engineering attacks to have on your radar.
- Baiting: When fraudsters want access to your sensitive data, they may try to bait you into helping them get it. Baiting schemes often appear as official-looking letters sent through the mail. They can also be requests to download a fraudulent app or software that claims to help you fix something on your device. When you install the software from the CD or download, your computer becomes infected. The attackers can now easily access information like usernames and passwords.
- Phishing: The most popular of all the social engineering attacks, phishing attempts arrive through email or text message. These messages try to confuse you so you'll release your sensitive login information, typically to your bank or financial accounts. They might tell you that there's an immediate need to change your password. When you enter your login information, you'll give fraudsters access to your accounts. Or the email or text could contain a fraudulent link, and the website it brings you to infects your computer with malicious software.
- Spear phishing: While most phishing attacks are relatively untargeted, spear phishing is a highly targeted attack on an individual or organization where scammers research their targets and use that information to make their emails appear legitimate. They may use social media or other public information so that the email appears to be from a trusted co-worker, colleague or friend. Spear phishing is difficult to spot. Be on the lookout for any message from someone you know that doesn’t sound quite right. And never click on a link in an email that is suspicious or has a sense of urgency.
- Pretexting: In this type of attack, fraudsters impersonate someone of authority, like a bank representative, police officer or IRS agent. These callers will generally have you answer a series of questions under the pretext of verifying your identity. The questions are designed to get you to reveal sensitive personal information like your Social Security number or bank account.
- Quid pro quo: These scams make you feel like there's an equal exchange—if you give the scammer X, they'll provide you with Y in return. The exchanges are often disguised as attempts to help you, perhaps with technical support for your computer or assisting the caller in fixing a glitch, like a Social Security number missing from your account. The end goal here is usually identity theft. When you hand over your Social Security number or install their software, your most private information becomes vulnerable.
- CEO fraud: Attackers impersonate a senior leader from your organization in an email or text to trick you into doing something you shouldn't—like sharing sensitive information, or transferring money. They use the authority of the CEO or senior leader and a sense of urgency to get you to act quickly.
- Scam phone calls: Also called vishing, these attacks take place when fraudsters call you on the phone, often pretending to be from an organization you know and trust. Be wary of any calls from people who sound suspicious or ask you to take actions urgently, especially if it involves risky activities like giving your personal or bank information over the phone. Request proof that the caller is who they say they are before you comply.
5 tips to protect yourself
Knowledge is power, and knowing how to respond to these attacks will help you keep your private data secure when the scammers come calling.
1 Slow down
When you get a concerning call or email, it's natural to want to act fast. Fraudsters rely on your fear to get your information. When a communication puts you on high alert, take a deep breath and pause. You can call your bank or credit card company and ask them to confirm the request—financial institutions or the IRS won't ask you for your PIN or Social Security number over the phone.
2 Review the source
When you receive an email or other communication that puts you on alert, consider the source. Avoid clicking on links and opening email attachments from sources you don't trust 100%. It's probably wise to consider most communications asking you to perform a password change or identify verification tasks as suspicious. Also, double-check that you're downloading the official version of any bank or financial app, because fraudsters sometimes create lookalike versions as a scam.
3 Lock your phone and laptop
While it does add an extra step when you want to use your device, a screen lock can put a layer of protection between your unattended phone, tablet or computer and a scammer.
4 Skip public Wi-Fi
It's a good habit to skip using public Wi-Fi when you're out and about. Fraudsters often use unprotected Wi-Fi networks to hack into other devices connected to the network.
5 Consider anti-virus software
While no software can protect you from every attack, anti-virus software can help protect your computer from many threats. These programs can also help warn you when a website looks suspicious.
There are two key questions to ask yourself when evaluating whether what you're looking at is a social engineering attack—who's asking for my information, and why do they need it? If you're at all unsure that you can answer these questions, or if there's any doubt in your mind about whether the request is legitimate, proceed as though you're looking at an attempted scam. When it comes to protecting your data, a little extra caution can only be a good thing.
A few financial insights for your life
This information is provided for educational purposes only and should not be relied on or interpreted as accounting, financial planning, investment, legal or tax advice. First Citizens Bank (or its affiliates) neither endorses nor guarantees this information, and encourages you to consult a professional for advice applicable to your specific situation.