Cybercriminals don’t only send out malicious emails with fraudulent links and attachments to random targets. Many hackers are using social engineering to gain access to your system or information. So, what is social engineering? Social engineering is a targeted approach of a cyberattack that involves the psychological manipulation or deception of individuals which tricks them into performing actions to reveal confidential information. There are a variety of techniques cybercriminals can use during social engineering attacks which is why it is important to ensure you are always cautious with any form of communication.
How Social Engineering Works
Hackers have a process. This process helps them manipulate you and trick you into trusting them so you will give them confidential information. The process of a social engineering attack includes:
- Investigation – The hacker prepares for the attack by identifying victims and gathering background information.
- Hook – The hacker engages the target and attempts to deceive them. The hacker may even provide some piece of real information about the target in hopes that it will get them to provide additional information.
- Play – The hacker obtains information and begins executing the attack.
- Exit – The hacker covers their tracks and brings the attack to an end, ideally without arousing any suspicion from the victim. Attack complete.
The thing to remember here is that even though the email or other form of communication you received may seem legitimate and from a trusted source, doesn’t always mean it is. Look for any red flags to help determine if the communication was in fact from a trusted source or not.
Social Engineering Red Flags
Can you spot a cyber-attack or phishing message? There are various “red flags” that can help reveal if a message is from a hacker. Below is a list of various red flags to watch out for that can help you decipher if a message is suspicious.
- A “friend” sends you a strange message.
- You receive an email or text that is very “urgent”.
- The offer feels too good to be true.
- The sender can’t prove their identity.
- A message reply to something you never requested.
- You receive the message at an odd time of day like 2am.
If you notice any of these red flags and think the message might be a cyber-attack, do not give out your information or engage with the sender in any way. Report the attack to the FTC and make sure to alert your bank if you believe your financial information was revealed and could be at risk. Do not hesitate to contact us at Lincoln Savings Bank for any inquiries regarding securing your information. Protecting your information is a top priority for us.
Member FDIC