Understanding the Threat of Social Engineering

Posted by Seacoast Bank on Feb 23, 2016 12:50:18 PM

A common misconception about cyber attackers is that they only use advanced hacking tools and technology to break into networks, computers, accounts and mobile devices, but this is simply untrue.

Today, cyber attackers have learned that one of the easiest ways to steal information or hack your computer is by simply talking to and misleading you. In this social engineering update from Seacoast's Information Security Officer, you will learn how these types of human attacks (social engineering attacks) work, and what you can do to protect yourself and the bank.

What Is Social Engineering?
Social engineering is a type of psychological attack where an attacker misleads you into doing something they want you to do. The simplest way to understand how social engineering works is to take a look at a common, real-world scenario.

You receive a phone call from someone claiming to be from your company's IT support department, a vendor for an application you use or perhaps even Microsoft tech support. The caller explains they have noticed that your computer is behaving strangely, such as scanning the Internet or sending spam, and they believe it is infected. They have been tasked with investigating the issue and helping secure your computer. They then use a variety of technical terms and take you through confusing steps to convince you that your computer is infected. Once you trust in their credibility, you will be directed to a website to download a fix, or asked to give them remote access to your computer. If you give them remote access to your computer to fix it, in reality, they are going to take it over, infect it, and steal information.

Keep in mind that social engineering attacks like this are not limited to phone calls; they can happen with almost any technology, including phishing attacks via email, text messaging, Facebook messaging, Twitter posts or online chats. The key is to know what to look out for.


How to Detect and Stop a Social Engineering Attack
The simplest way to defend against social engineering attacks is to use common sense. If something seems suspicious or does not feel right, it may be an attack. Some common indicators of a social engineering attack include:

  • Someone creating a sense of urgency. If you feel like you're under pressure to make a very quick decision, be suspicious. 
  • Someone asking for information they should not have access to or should already know, like your username and password. 
  • Something that sounds too good to be true. A common example is if you are notified you won the lottery or a grand prize drawing even though you never entered it. 

What Should You Do?
If you suspect someone is trying to make you the victim of a social engineering attack, do not communicate with the person any further. If someone calls you on the phone, hang up. If you are chatting with someone online, terminate the connection. If it is an email you do not trust, delete it. 

Preventing Future Social Engineering Attacks

  • Never Share Passwords. If someone is asking you for your password, it is likely an attack. 
  • Don't Share Information. The more an attacker knows about you, the easier it is for them to find and mislead you. Even small details shared about yourself over time can be put together to create a complete picture. The less you share publicly (Facebook, Twitter, etc.), the less likely you are to be attacked.
  • Verify Contacts. At times, you may be called by your bank, credit card company, mobile service provider or other organizations for legitimate reasons. If you have any doubt as to whether a request for information is legitimate, ask the person for their name and phone number. Then find the company's phone number from a trusted source, such as the number on the back of your credit card, your bank statement, etc., and verify so you know you are really talking to a representative of the company. Though it seems like a hassle, safeguarding your information is worth the additional step.
  • Learn More About Suspicious Emails. Click here to learn more about the signs of a suspicious email and what to look for to ensure you do not fall victim to a social engineering attack on this communication channel. 

If you ever have any questions about the validity of communications sent from (or appearing to be sent from) Seacoast Bank, our Customer Service team can be reached 24/7, 365 days a year at 800-706-9991. 
