Sometimes it's best to NOT share what you know

What is Social Engineering?

At its most basic, social engineering is the act of gathering information from someone. The information is gathered through human interaction: by using technology, such as email and social media, or simply by having a conversation in person or over the phone. Where it gets dangerous is when this information is gathered through deception and with the intent to do harm with it.

In a social engineering attack, an attacker uses human interaction to manipulate a person into disclosing information. People have a natural tendency to trust. Social engineering attacks attempt to exploit this tendency in order to steal your information. Once the information has been stolen, it can be used to commit fraud or identity theft. Criminals use a variety of social engineering attacks to attempt to steal information, including website spoofing, phishing emails, phishing phone calls and even face-to-face interactions.

Quick Definitions

  • Website Spoofing
    • Similar to impersonation, website spoofing is the act of creating a fake website to mislead individuals into sharing sensitive information. Spoofed websites are typically created to look exactly like a legitimate website published by a trusted organization.
  • Phishing
    • Just like dropping a fishing line into a river and hoping a fish will bite, phishing tries to lure people into "taking the bait" and giving up important information by dangling an appealing or urgent message.

Staying Safe From Social Engineering

Step 1: Be Vigilant

The first step in preventing social engineering is to be vigilant. You should always ask yourself, "Should I be sharing this information?" We know this sounds too simple, but people fall victim to these attacks every day because they let their guard down and perhaps don't see the harm in sharing just a little bit of information. Remember, it's not unkind to refrain from sharing private information.

  • Watch for Website Spoofing
    • Pay attention to the web address (URL) of websites. A website may look legitimate, but the URL may have a variation in spelling or use a different domain.
    • If you are suspicious of a website, close it and contact the company directly.
    • Do not click links on social media sites, pop-up windows, or non-trusted websites. Links can take you to a different website than their labels indicate. Typing an address in your browser is a safer alternative.
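    • Only give sensitive information to websites using a secure connection. Verify the web address begins with “https://” (the “s” is for “secure”) rather than just “http://”. A secure connection protects the data in transit; it does not by itself prove the website belongs to the organization it claims to be, so check the address as well.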
    • Avoid using websites when your browser displays certificate errors or warnings.
  • Be Wary of Phishing Attempts
    • Delete email, text, and social media messages that ask you to confirm or provide sensitive information. Legitimate companies don’t ask for sensitive information this way.
    • Beware of visiting website addresses sent to you in an unsolicited message. Even if you feel the message is legitimate, type web addresses into your browser instead of clicking links.
    • Try to independently verify any details given in a message directly with the company.
    • Use the anti-phishing features available in your email client and/or web browser. Also use an email spam filtering solution to help prevent phishing emails from being delivered.
    • Do not open attachments from unknown senders or unexpected attachments from known senders.
    • Be cautious of the amount of personal data you make publicly available through social media and other methods.
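
The address checks in the two lists above (a spelling variation, a different domain, a missing "https://", and a link whose label names a different site than it opens) can also be applied automatically, for example by a mail filter. The following Python sketch is an added example, not part of the original page; the trusted domain `example-bank.com`, the helper names and the sample links are all assumptions made up for illustration.

```python
from urllib.parse import urlsplit

TRUSTED = ("example-bank.com",)  # assumption: placeholder for sites you really use

def host(url):
    """Lower-cased host name of a URL or bare domain, without a leading 'www.'."""
    h = (urlsplit(url if "://" in url else "//" + url).hostname or "").lower()
    return h[4:] if h.startswith("www.") else h

def distance(a, b):
    """Levenshtein edit distance, computed one table row at a time."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def check_url(url):
    """Return warning labels for one URL; an empty list means nothing was flagged."""
    h, warnings = host(url), []
    if urlsplit(url).scheme.lower() != "https":
        warnings.append("not-https")
    if any(h == t or h.endswith("." + t) for t in TRUSTED):
        return warnings
    for t in TRUSTED:
        if h.rsplit(".", 1)[0] == t.rsplit(".", 1)[0]:
            warnings.append("different-domain:" + t)    # same name, other ending
        elif distance(h, t) <= 2:
            warnings.append("spelling-variation:" + t)  # one or two characters off
    return warnings

def check_link(label, href):
    """check_url, plus a flag when the visible label names another site than the target."""
    warnings = check_url(href)
    looks_like_address = "." in label and " " not in label.strip()
    if looks_like_address and host(label.strip()) != host(href):
        warnings.append("label-mismatch")
    return warnings

SAMPLE = [  # constructed (label, href) pairs, not taken from the page
    ("https://www.example-bank.com", "https://examp1e-bank.com/login"),
    ("Verify account", "http://example-bank.net/"),
    ("Help", "https://www.example-bank.com/help"),
]

if __name__ == "__main__":
    for label, href in SAMPLE:
        print(href, check_link(label, href) or "no warnings")
```

An empty result only means none of these specific checks fired; it is not proof that a link is safe.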

 

Step 2: Monitor Your Accounts

It is always a best practice to stay informed, especially about your accounts, wherever you hold them.

  • Use Mobile and Online Banking to routinely review your transactions.
    • If you are not using online and mobile banking, you should definitely consider it, as it allows you to retrieve your information wherever you may be and whenever you want. You can certainly review paper statements, but if something were to occur, you might not be aware of it for at least 30 days.
  • Review your credit report for anything unexpected
    • At the very least, you should be reviewing your credit report once per year. You may want to consider a credit monitoring service to alert you whenever credit is applied for in your name. You can get your credit reports once per year at no cost. AnnualCreditReport.com can help you retrieve your reports from each of the three credit bureaus: Equifax, Experian, and TransUnion.

Step 3: Report Suspicious Activity

Contact us immediately if you suspect you have fallen victim to a social engineering attack and have disclosed information concerning one or more of your accounts. Regularly monitoring your account activity is a good way to detect fraudulent activity. If you notice unauthorized transactions in your account, notify us immediately. If you have an account with another institution, you will want to alert them as well.
