Social Engineering Scams
Social engineering scams are on the rise, especially ones that relate to your personal bank. In these types of scams, the culprits attempt to con you into giving up your private information (account numbers, credit card info, SSN, etc.) so that they can use it to steal your money, sell your info on the dark web, or open lines of credit in your name.
Look out for these scams
Phishing, vishing, smishing – The most common types of social engineering attacks; a scammer will attempt to get personal information by getting victims to respond to a fake email, phone call or text message. These types of campaigns try to create a sense of urgency, pique curiosity, or instill fear so that victims click on the malicious links and give their personal information.
- Example: An email sent to John from “his bank” says his account has been suspended unless he inputs his login information immediately. When John clicks the link, he is brought to a website replicating that of his financial institution, where he is asked for his account info and password.
Pretexting – In pretexting, the scammer will attempt to access personal information through a carefully crafted lie. They will often impersonate a trusted individual or institution and insist that they need access to sensitive information in order to perform a critical task. They may even ask the victim to do something that circumvents the security protocols of the institution they are impersonating. Pretexting can be a form of phishing.
- Example: A scammer calls Jane and says they work in the fraud department of her bank. They say they noticed something unusual in her account activity and want to confirm that it is correct. To do so, they say they first need her full account number, password and security question answers to confirm it is her.
How to protect yourself against scams
To reduce the chance your personal information will get stolen, follow these tips.
- Look closely at the sender addresses in emails. Scammers will try to spoof institutions and people, but there may be obvious discrepancies in the URL.
- Do not trust Caller-ID. Criminals can spoof it to look like a legitimate caller. Go to the source directly.
- Check for incorrect grammar and typos. If there are errors, delete the message.
- Block spam calls and unwanted text messages. You can also add your number to the Do Not Call Registry here: www.donotcall.gov
- Do not share your personal information in response to a request you did not directly initiate.
- Resist the pressure to act immediately. It’s important to take a minute to stop and think when you are being asked to give up bank information immediately or to take up an offer “only good for today.”
- Recognize the ways scammers typically ask you to pay: wire transfers, crypto, gift cards or cash, as these methods of payment are all less traceable.
- If you’re unsure whether a call is legitimate, call the financial institution in question yourself using a phone number listed on their official website or your account documents.
- Remember: If it’s too good to be true, it probably is.
Check for identity theft and fraud
It’s a good idea to regularly monitor your accounts for fraud, even if you’ve been diligent about deleting spam emails.
- Safeguard your Social Security Number
- Freeze your credit
- Check your credit report regularly
- Monitor your financial & medical statements
- Use strong passwords and change them regularly. If given the option, use multi-factor authentication.
- Protect your mobile device with a code
- Watch your mailbox (and even better, get a lock box)
- Shred sensitive documents (anything with identifying personal information)
- Consider enrolling in a scam prevention tool, like Iris’ ScamAssist
If you think you’re the victim of identity fraud, do the following
More info can be found here.
- Contact any companies where fraud occurred
- Report it to your local police station or the FBI
- File a complaint with the FTC