Social Engineering
Social engineering relies on exploiting human psychology in order to gain access to systems, data, and other valuable information. Combined with physical access or technical hacking methods, social engineering can be a very effective fraud tool.
Social engineering goes beyond finding vulnerabilities in software. It can be conducted in a multitude of ways, but it always involves targeting a human being for information that will assist in carrying out the fraud. A social engineer who wants your information may pose as a service support person, call you, and attempt to trick you into divulging your password.
The most common types of social engineering attacks are Phishing, Pretexting, and Quid Pro Quo. Information on each of these attacks can be found below. If you have questions on these and other social engineering or fraud methods, contact us right away to get the information you need to stay prepared.
Phishing
Phishing attacks try to acquire your personal information electronically, often by sending you an email that asks you to verify your personal information. A link in the email then takes you to a fraudulent website that imitates the real one. By convincing you to provide your information willingly, phishers can often obtain your personal information with little effort.
Avoid a Phishing Attack
FSG Bank takes a number of steps to protect your personal information. As part of our process to keep your identity, information, and money secure, we will never ask for personal information by email. However, there are also valuable steps that you can take to avoid falling prey to phishing attacks.
- Do not respond to email requests for personal information.
- Never click on a link in an email. Avoid spoofed web addresses by typing the URL into your web browser yourself.
- Limit the amount of information you post about yourself online.
- Use available security tools such as Trusteer malware protection, antivirus software, encryption, and up-to-date security patches.
- Trusteer is offered free to customers through FSG; antivirus software, encryption, and updated patches can be obtained from Microsoft or through your operating system vendor.
If you receive an email and are in doubt about its legitimacy, call the company referenced in the email directly. Do not use a phone number listed in the email, though. Search for the company’s legitimate website, and use the contact information from that site to reach a company representative about the inquiry.
Remember: if you’re not expecting the email and/or do not recognize the sender, there’s a good chance the email is a phishing attempt.
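The advice above comes down to one check: the address a link shows you is not necessarily where it goes. The following script, added here as an illustration and not part of FSG Bank's own material or tooling, applies that check to the links in an HTML email body. It flags links whose visible text names one domain while the destination is another, destinations that merely embed the bank's name inside an unrelated host, non-https or non-web schemes, punycode (xn--) hostnames that can imitate a familiar name, and credentials placed before an @ to hide the real host. The trusted hostname, the sample message, and the lookalike hosts in it are constructed for the example; the two-label "registrable domain" rule is a deliberate simplification of real public-suffix handling.

```python
"""Flag suspicious links in an HTML email body (added example, standard library only)."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hostname the reader expects to see; a hypothetical value for this example.
TRUSTED_HOST = "www.fsgbank.com"

# Link text that itself looks like a web address, e.g. "www.fsgbank.com"
# or "https://fsgbank.com/login"; group 1 is the hostname shown to the reader.
HOST_LIKE = re.compile(r"^(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:/\S*)?$", re.I)


def registrable_domain(host: str) -> str:
    """Return the last two labels ("login.example.com" -> "example.com").

    Simplification: correct handling of suffixes such as co.uk needs the
    Public Suffix List; two labels are enough to demonstrate the technique.
    """
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from every <a> tag in the body."""

    def __init__(self) -> None:
        super().__init__()
        self.links: list[tuple[str, str]] = []
        self._href: str | None = None
        self._text: list[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def analyze_link(href: str, text: str) -> list[str]:
    """Return the reasons one link looks like phishing; empty list if none."""
    reasons = []
    parsed = urlparse(href.strip())
    host = (parsed.hostname or "").lower()
    if parsed.scheme.lower() not in ("https", ""):  # http:, javascript:, data: ...
        reasons.append(f"non-https scheme {parsed.scheme!r}")
    if "xn--" in host or not host.isascii():
        reasons.append("internationalized or punycode hostname (possible lookalike)")
    if "@" in parsed.netloc:  # https://www.fsgbank.com@evil.example/ goes to evil.example
        reasons.append("credentials before '@' hide the real host")
    shown = HOST_LIKE.match(text.strip())
    if shown and registrable_domain(shown.group(1)) != registrable_domain(host):
        reasons.append(f"text shows {shown.group(1).lower()!r} but link goes to {host!r}")
    trusted = registrable_domain(TRUSTED_HOST)
    if trusted in host and not (host == trusted or host.endswith("." + trusted)):
        reasons.append(f"trusted name embedded in unrelated host {host!r}")
    return reasons


def suspicious_links(body: str) -> dict[str, list[str]]:
    """Map each suspicious href in an HTML body to the reasons it was flagged."""
    parser = LinkCollector()
    parser.feed(body)
    parser.close()
    findings = {}
    for href, text in parser.links:
        reasons = analyze_link(href, text)
        if reasons:
            findings[href] = reasons
    return findings


# Constructed sample message modelled on the "verify your account" lure described above.
SAMPLE_EMAIL = """
<p>Dear customer, unusual activity was detected on your account.</p>
<p>Please verify your details at
<a href="http://www.fsgbank.com.account-verify.example/login">www.fsgbank.com</a>
within 24 hours or your card will be suspended.</p>
<p>Need help? Visit our <a href="https://www.fsgbank.com/help">help centre</a>.</p>
<p>Or sign in at <a href="https://xn--fsgbnk-8xb.com/login">https://fsgbank.com/login</a></p>
"""

if __name__ == "__main__":
    for href, reasons in suspicious_links(SAMPLE_EMAIL).items():
        print(href)
        for reason in reasons:
            print("  -", reason)
```

Run as a script it lists the two lookalike links and leaves the genuine help-centre link alone. The same logic applies to any link a reader is tempted to click: compare where the link says it goes with where it actually goes, and type the address yourself when they differ.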
Pretexting
Pretexting is a targeted social engineering attack that uses an invented scenario to gather information from an unsuspecting user. For example, an attacker might contact you about an invented issue with your checking account, impersonating a bank employee, in order to extract valuable information from you.
What should you do?
The #1 way to protect against pretexting is to be mindful of your situation. As a rule of thumb, never give out private information over the phone or by electronic means unless you initiated the contact.
Take the time to verify the caller’s credentials, too. In most cases, pretexting attackers will act hurried in response to your questions and can even become aggressive when trying to get you to provide information quickly.
Remember: Stay calm. Be mindful. FSG will never contact you for your personal or financial information; we already have it.
Quid Pro Quo
The Latin quid pro quo means “this for that.” A Quid Pro Quo attack promises you a benefit in exchange for your information. The attacker may offer to help you fix an issue (e.g., a supposed support technician asking to log into your machine to fix a system problem). In return, the attacker asks for something such as your username, password, or other identifying information, and then uses it to carry out the attack.
Avoiding a Quid Pro Quo Attack
As with Phishing and Pretexting, there are security measures you should take to safeguard yourself and your information.
- Never give personal or account information unless you initiated the exchange.
- Always call the company back using a publicly posted phone number (such as on the company’s website) and not through a phone number provided by the person you are conversing with.
- If you’re at all suspicious about the call, contact FSG.
Remember: the bank will never ask for your username or password.
Remember . . .
Your greatest threat in a social engineering attack can be your own lack of awareness or a failure to evaluate the request. If a request seems hurried or out of context for day-to-day duties, or your instinct tells you something is not right, it probably isn’t. To handle these attacks properly, stay alert and think through what is being asked of you. If you find yourself in any of these situations, please contact the bank as soon as reasonably possible at 855-693-7422.
