Volume 16, Issue 10
Don't be caught off guard!
Tips to protect yourself from social engineering scams
By Deanna Pellegrino, Farm Credit East Information Security Manager
October is Cybersecurity Awareness Month and Farm Credit East’s security team is working to educate customers and staff about the tactics of Social Engineering. Social engineering is the practice of scammers to trick individuals into divulging confidential or personal information that may be used for fraudulent purposes.
Who are Social Engineers?
Social engineers are essentially con artists; they manipulate situations and take advantage of human nature. Social engineers have a common motive: trick people into taking an action or revealing sensitive information.
These attacks are not always about a short-term gain. In many cases, social engineers attempt to gain a relationship over time, creating a foundation of trust before striking. There are many methods scammers might use to try to fool their targets.
How can I be targeted?
- Fake letters and notifications
- Phishing emails
- Smishing (SMS/Text message phishing)
- Vishing (Phone Calls)
- Lookalike websites, or a website with a nearly identical but slightly altered domain name (i.e. FarmCreditE.com versus our actual domain of FarmCreditEast.com).
- Shoulder surfing or eavesdropping
Phishing emails, smishing (SMS/texting), lookalike websites, phony letters and other communications might include names and logos of well-known brands to appear believable. Scammers know these visual cues are more convincing and can work to their advantage.
Sender addresses and caller ID numbers can be faked to be disguised as coming from a trusted contact. In some cases, incoming calls or texts can even appear to be coming from your own phone number!
Attackers sometimes pose as service technicians, prospective customers or even law enforcement officers. Uniforms, badges and business cards are easy to fake, and these simple efforts often pave a way of accessing unauthorized information.
What steps can I take to protect myself?
Do your own due diligence.
Verify people are who they say they are. The most successful social engineers are those who are savvy, persistent and prepared. They do their homework before going through with an attack.
Before interacting with an email, text or social media message, go to the source. Visit a known website or call a trusted phone number to confirm an offer or request for information.
Don’t take things at face value.
Social engineers will attempt to use well-known names, brands and logos to appear believable. Surface clues are not enough to prove legitimacy. You can often uncover a social engineering trap by digging a bit deeper.
Be aware of your surroundings.
Social engineers can use shoulder surfing to try to gain information about you. Shielding your information when filling out important documents or entering financial information is a way to protect yourself against this tactic.
Additionally, before granting unknown service providers or visitors access to your home or business, confirm they are who they say they are by contacting the organization they claim to work for. An ID badge, especially if you aren’t expecting their visit, isn’t enough.
What is Farm Credit East doing to protect me?
- Requiring customer authentication when changes are made to your account.
- Utilizing security questions to verify your identity.
- Requiring multi-factor authentication to log into online banking.
Security is at the root of everything Farm Credit East does. Employees take part in various security exercises year-round. Throughout the month of October, staff will be participating in a variety of social engineering security exercises ranging from how to identify phishing emails to education on office security protocols; all in an effort to keep our customers’ data safe!
Editor: Chris Laughton
Contributors: Deanna Pellegrino
Farm Credit East Disclaimer: The information provided in this communication/newsletter is not intended to be investment, tax, or legal advice and should not be relied upon by recipients for such purposes. Farm Credit East does not make any representation or warranty regarding the content, and disclaims any responsibility for the information, materials, third-party opinions, and data included in this report. In no event will Farm Credit East be liable for any decision made or actions taken by any person or persons relying on the information contained in this report.