Michael receives a phone call from someone claiming to be an employee of Centennial Bank. The caller is polite and explains that they are updating their customer records to enhance security measures for bank customers. The caller states that due to recent system upgrades, the bank is requiring account information from Michael to ensure his account is updated properly.
Michael, concerned about the security of his bank account, appreciates the proactive approach the bank is taking and the promise of enhanced security for his account. The caller requests Michael’s account number, social security number, and Internet banking credentials to complete the account update process.
The caller assures Michael that this is standard procedure and emphasizes the urgency, stating that failure to provide the information promptly may result in account suspension or limitations.
Although Michael is generally cautious, the sense of urgency and the caller’s supposed affiliation with the bank cause him to let his guard down momentarily. He decides to trust the caller and discloses the requested information, believing he is ensuring the security of his bank account.
This example demonstrates how social engineering scammers can exploit an individual’s trust in financial institutions and use urgency as a tactic to manipulate them into revealing sensitive information. The scammer preys on an individual’s concerns about their bank account’s security to trick them into sharing valuable data.
To protect against such scams, it’s imperative to remain educated about the common tactics used by scammers and to remember the importance of verifying the identity of callers. It’s best to independently contact your bank through a verified contact to confirm the authenticity of any requests for information.
Social engineering attacks can occur through various mediums, including phone calls, emails, text messages, or even face-to-face interactions.
Here are some common social engineering techniques:
- Phishing: Phishing emails or messages appear legitimate and often mimic trustworthy organizations or individuals. They aim to trick recipients into revealing personal information, such as passwords, credit card details, or login credentials.
- Pretexting: Attackers create a fabricated scenario or story to manipulate individuals into sharing confidential information or performing actions they would not usually undertake. The attacker might impersonate a co-worker, tech support, or a trusted friend/family member.
- Baiting: Baiting attacks lure victims by offering something enticing, such as a free gift, coupon, or download. The bait is typically used to trick individuals into disclosing sensitive information or executing malicious files that infect their systems.
- Tailgating: Also known as “piggybacking,” tailgating occurs when an attacker gains unauthorized physical access to a restricted area by following an authorized person. This technique capitalizes on people’s natural inclination to hold the door open for others.
Recognizing and Preventing Social Engineering Attempts.
- Be skeptical: Maintain a healthy level of skepticism and question any unexpected requests or offers. Verify the identity and legitimacy of the person or organization by using alternative contact information, such as official websites or phone numbers.
- Think before you click: Exercise caution while opening email attachments or clicking on links, especially if they come from unknown sources. Hover over links to check the destination URL and avoid downloading files from untrusted websites.
- Protect personal information: Avoid sharing sensitive data, such as passwords or financial details, via email, text, or phone unless you have initiated the contact. Legitimate organizations won’t request this information via such means.
- Stay educated: Stay informed about the latest social engineering techniques and share your knowledge with friends, family, and colleagues. By collectively raising awareness, a stronger defense can be created against social engineering attacks.
- Centennial Bank will never contact you to request your password or PIN.
- Centennial Bank will never send you a request asking you to enter your credentials.
- Be cautious of any unexpected texts, emails, or phone calls requesting identity confirmation or account information.
- Do not click on any suspicious links or provide your information using email links that you are not expecting or are not able to validate. When in doubt, go directly to the website.
If you feel you have been victimized by a fraud attempt, contact our Customer Care Center immediately at (888) 372-9788.