Social engineering is a technique used to obtain or attempt to obtain access to confidential information by tricking an individual into disclosing the information.
The basic goal of social engineering is to gain unauthorized access to systems or information in order to commit fraud, network intrusion, industrial espionage, identity theft, or simply to disrupt and compromise computer systems.
Common Techniques
- Social Engineering by Phone – Pretexting attacks rely on building a false sense of trust with the victim. The attacker may build a credible story by masquerading as an HR, IT, or medical billing office representative, saying they need you to verify information, when in fact they are looking to steal data to use to stage secondary attacks or commit identity theft.
- Dumpster Diving – Fraudsters sift through trash to find compromising information.
- Online Social Engineering
  - Phishing – attacks using email or malicious websites to solicit personal information by posing as a trustworthy organization.
  - Vishing – the telephone equivalent of phishing. Advanced vishing attacks can take place completely over voice communications by exploiting Voice over Internet Protocol (VoIP) solutions and broadcasting services. VoIP easily allows caller identity (ID) to be spoofed.
  - SMiShing – using SMS/text messaging to direct people to a fraudulent website or to call a phone number.
  - Pharming – directing Internet users to a fraudulent website that mimics the appearance of a legitimate one.
- Persuasion – Fraudsters leverage a person's attitudes or beliefs by appealing to logic and reason. A criminal may give themselves a fancy-sounding title to appear credible, target a specific religious or ethnic community, professional group, or the elderly, and/or pitch "once-in-a-lifetime" opportunities.
- Reverse Social Engineering – With this scheme, the fraudster does not initiate contact with the victim. Rather, the victim is tricked into contacting the attacker. The attacker convinces the target that the target has a problem and that the attacker is ready to help solve it. The attacker may seem unassuming and respectable, possibly masquerading as a new employee, repair person, or researcher, and even offering credentials to support that identity.
- Shoulder Surfing – Looking over a shoulder to see what someone is typing.
- And many more...
What you should do
- NEVER share your user name or password with anyone.
- Delete emails/hang up the phone immediately when offered anything that demands payment in advance with cash, money orders, credit cards, debit cards, gift cards, Western Union, or any other form of payment.
- Do not trust caller ID. Scammers have technology that lets them display any number or name on your screen. If you are unfamiliar with the number calling, let it go to voicemail so you can decide if the call is important enough to return.
- Properly destroy papers that include a Social Security number, driver’s license number, or bank account number rather than putting them in your garbage or recycling. (Dumpster-diving identity thieves can use your sensitive information to steal your identity.)
- Be skeptical. Do not give offers from strangers the benefit of the doubt. If something seems too good to be true, it probably is.
- Don't be rushed into making a decision.
- Charlotte State Bank & Trust will NEVER call you and ask for your user name or password. If a call appears to be from our bank, but you are not sure, please hang up and call us at 941-624-5400.
- Always be aware of your surroundings. Shield the keypad on the ATM when you enter your PIN and use strong passwords so it’s hard for an observer to guess what you typed on your laptop or mobile device.
Phishing attacks use e-mail or malicious websites to collect confidential and financial information or infect your computer with malware and viruses.
Phishing is an attempt to steal information by trying to manipulate or lure you to do something. For example, an attacker may send an email seemingly from a reputable credit card company or financial institution that requests account information, often suggesting that there is a problem. Phishing attacks may also appear to come from other types of organizations, such as charities. Attackers often take advantage of current events and certain times of the year (such as natural disasters, epidemics or health scares, economic concerns, political elections, or holidays).
Tips for spotting a suspicious/phishing email or text message:
- It may appear to be from someone important, like the bank.
- It may have an urgent message.
- It may have links and attachments that contain malicious software, also known as malware.
- It may ask for your personal information.
Poor grammar and sentence structure, misspellings, and inconsistent formatting are other indicators of a possible phishing attempt.
Why do they send these emails?
- Fraudsters are trying to steal information.
- Fraudsters may be trying to install malicious software on your computer. Be sure to keep your computer healthy by installing antivirus software and security updates and by turning on your firewall.
What do I do with these emails?
- Do not respond to these e-mails or click on links or attachments.
- The bank will not ask for personal information by sending an e-mail.
If you receive an email appearing to be from our bank, but you are not sure, please call us at 941-624-5400 or email us at customerservice@csbtfl.com.
Report all other phishing to the FTC Complaint Assistant, or simply delete the email and then delete it again from your deleted items.
Learn more about how to recognize and avoid phishing.
Read about recent scams and learn how to recognize the warning signs.