One of the tricks that the bad guys use to gain personal information about us is called Social Engineering. Wikipedia defines it as “psychological manipulation of people into performing actions or divulging information.” There are several common social engineering techniques including:
Pretexting
Pretexting is the act of creating and using an invented scenario to engage a targeted victim to divulge information (like social security number, date of birth or account numbers) that they would not normally divulge. Many times the pretext involves impersonating a person or business (your Credit Union for example) so that the person doesn’t think anything is wrong and will many times unknowingly give out personal identity information.
The opening scene of the 2012 movie Identity Thief is a prime example of a pretext. In the scene, Jason Bateman is tricked into believing that the person on the other end (Melissa McCarthy) is really from his bank’s fraud division. He is fooled into giving out his personal information and she steals his identity and makes his life pretty miserable. Just like in real life, Melissa McCarthy relied on an elaborate lie over the phone that forced Jason Bateman to make a quick decision on whether to fall for the pretext.
Kirtland Federal Credit Union will NEVER call you and ask for any personal information. Not ever! If anyone calls saying they are from KFCU and are asking for personal information, don’t give it out! When we call you it will be to give you information, not ask for it!
Phishing
Phishing is another way to fraudulently obtain personal information for the purpose of identity theft and fraud. Most phishing attacks come in the form of emails. Typically the email has a similar look and feel as the company that it is trying to mimic, many times including a logo from the company. The emails usually ask for things like social security numbers, account numbers and many times ask for your security questions (like mother’s maiden name high school or other things only you should know). The purpose of phishing is to get enough information to steal your identity and eventually commit fraud against you. Sometimes the phishing email will have a link to a web page that looks similar to the real thing.
KFCU will NEVER send you an email asking you to supply any information. We do from time to time send emails with great offers and information about upcoming events, but we will never ask for any of your personal or account information by email.
Quid Pro Quo
Lastly, another type of social engineering is called quid pro quo. This involves a fraudster calling a lot of people posing as technical support. When they call someone who is really having computer issues they offer to help and fix the problem, and in the process gets the unsuspecting user to type commands that load malware that will then allow the fraudster to access the computer to steal identity or account information.
The way to avoid this type of social engineering is simple. Ask the caller what company they are calling from and who they are calling for. If they don’t know who you are and you don’t recognize the company, hang up.
Social engineering relies on confusion and trickery. Don’t be fooled into giving up your personal information. KFCU will never call or email you asking for any personal information. If in doubt, hang up and call us!
Your Wingman GW
No comments:
Post a Comment