Menu

Fraud Prevention

< Go Back to Fraud Prevention
Social Engineering

Social Engineering

Social engineering is the act of tricking someone into disclosing a piece of valuable information such as a username, password, credit card number, or social security number. These attacks take advantage of human vulnerabilities such as emotions, trust, or habits in order to convince individuals to take action such as clicking a fraudulent link, visiting a malicious website, or sending unrecoverable funds to someone (often outside of the country).

5 Social Engineering Attacks to Watch Out For:

  • Phishing

    Phishing is the most common type of social engineering attack that occurs today. But what is it exactly? At a high level, most phishing scams endeavor to accomplish three things:

    • Obtain personal information such as names, addresses and Social Security Numbers.
    • Use shortened or misleading links that redirect users to suspicious websites that host phishing landing pages.
    • Incorporate threats, fear and a sense of urgency in an attempt to manipulate the user into responding quickly.
  • Pretexting

    Pretexting is another form of social engineering where attackers focus on creating a good pretext, or a fabricated scenario, that they use to try and steal their victims’ personal information. In these types of attacks, the scammer usually says they need certain bits of information from their target to confirm their identity. In actuality, they steal that data and use it to commit indentify theft or stage secondary attacks.

  • Baiting

    Baiting is in many ways similar to phishing attacks. However, what distinguishes them from other types of social engineering is the promise of an item or good that malicious fraudsters use to entice victims. Baiters may leverage the offer of free music or movie downloads, for example, to trick users into handing their login credentials.

  • Quid Pro Quo

    Similar to baiting, quid pro quo attacks promise a benefit in exchange for information. This benefit usually assumes the form of a service, whereas baiting usually takes the form of a good.

    One of the most common types of quid pro quo attacks that’s come out in recent years is when fraudsters impersonate the U.S. Social Security Administration (SSA). These fake SSA personnel contact random individuals, inform them that there’s been a computer problem on their end and ask that those individuals confirm their Social Security Number, all for the purpose of committing identity theft. 

  • Tailgating

    Our final social engineering attack type of the day is known as tailgating or “piggybacking.” In these types of attacks, someone without the proper authentication follows an authenticated employee into a restricted area. The attacker might impersonate a delivery driver and wait outside a building to get things started. When an employee gains security’s approval and opens the door, the attacker asks the employee to hold the door, thereby gaining access to the building.

    Tailgating does not work in all corporate settings such as large companies whose entrances require the use of a keycard. However, in mid-size enterprises, attackers can strike up conversations with employees and use this show of familiarity to get past the front desk.

     

What You Can Do to Protect Yourself:

  • Never give your Online Banking username or password to anyone
  • Add an extra layer of account protection and quickly identify potentially fraudulent transactions with OSFCU’s Automated Alerts. Set notifications to stay on top of your account activity. With these alerts, you’ll be able to quickly see if there are any changes or transactions that you did not make or authorize, helping you act fast to protect your hard-earned money. Add Alerts within Online Banking to any account.
  • Continue to use our Two-Factor authentication for your online and mobile banking
  • Within Online Banking or Mobile Banking under Card Management, click on your active card and click on “Report lost/stolen” to cancel that card if you feel there has been fraud activity within your account using that particular card number. You can also reorder a new card by clicking on “Reorder card.”