How to Confidently Prevent Phishing Attacks & Social Engineering Fraud
Ann Davidson, Vice President of Risk Consulting
Google defines social engineering as “the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.”
Online scams and phishing attempts are by far the most common ways in which fraudsters attempt to perform social engineering on your consumers to steal their information. And these attacks are getting more and more sophisticated in their delivery.
Case in point: Recent reports have surfaced of scammers contacting consumers while posing as the Social Security Administration to trick them into giving up their personal information, which would then be used to perform identity fraud or synthetic identity theft.
This stuff is no joke, and it only continues to get worse! In fact, 2018 is likely going to see one heck of an uplift in the amount and severity of these attacks, largely due to these key factors:
1. More exposed records: 145.5 million U.S. records were exposed last year from the Equifax data breach alone. With that and other breaches taking place in 2017 (like Deloitte and Sonic Foods), you are looking at a consumer base that is at high risk for identity theft and fraud exposure this year.
2. More sophisticated processes: The tools and processes used by criminals to perform these attacks are evolving and becoming more sophisticated in an effort to fly under the radar and have more success in their attempts. In fact, more and more fraudsters are treating these crimes like a business with hired employees and standardized processes.
While these scam attempts will grow, your exposure to these attacks doesn’t have to! Here are steps you and your consumers can take to proactively protect against phishing & social engineering fraud attempts:
Social Engineering Fraud Prevention Business Checklist
- Monitor employees’ accounts to watch for any suspicious activity, especially the accounts of employees who have access to sensitive information
- Educate employees about ongoing threats
- Verify deposited checks clear before permitting a withdrawal or transfer
- Establish a multi-level authentication process for financial transactions or account change requests not performed in person
- Tell employees to never open or forward emails, links or attachments received from an unknown source
- Ask your employees to be wary of any prizes or offers made over the phone, email, or text, especially those that offer to update, correct or solve a computer issue or problem
- Encrypt private information prior to shredding or destroying documents or storage devices
- Conduct tests to determine where system vulnerabilities exist and promptly address them
- Monitor social media outlets to reduce the chance of sensitive information being posted
- Educate staff & consumers about what to watch for to catch and prevent an attack
- Inform consumers you'd NEVER request personal or financial information using outbound emails, texts or phone calls
- Make consumer education readily available:
  - Post an alert on your website with any recent news/updates/education
  - Post educational flyers around your branches
  - Add a message to your phone recordings about phishing scam prevention
  - Place an alert on your home banking page to:
    - Caution and educate consumers
    - Tell consumers to change their password if they suspect an attack
    - Ask consumers to let you know right away about any attack suspicions
- Work with peers to help inform and protect one another from major scam threats
- Develop proactive measures and reactive guidelines for handling a large-scale data breach
Social Engineering Fraud Prevention Consumer Checklist
- Be cautious of any company you choose to engage in business with
- Be cautious when asked to wire money
- Review your account statements frequently
- Consider giving only to established charities in the event of a disaster
- Always conduct your own research if someone contacts you with low-risk, high-return investment opportunities
- Be cautious when buying products online
- Use strong password protection
- Don’t respond, open any attachments or click on any links if a message looks suspicious or is from an unknown source, even if the message threatens to close/suspend an account or says an account has been compromised
- Be wary of emails, phone calls or text messages that request confidential or personally identifiable information, including:
  - Social Security Number
  - Birth date
  - Account numbers
  - Login IDs
  - Card numbers
- Report scam attempts to your financial institution(s)
- Protect yourself from potential identity fraud with strong ID theft protection
If you take action NOW to proactively mitigate these fraud risks, you can protect your business and consumers from these coming attacks.
Consider how good you might look if you saved hundreds – or even hundreds of thousands – of your consumers from having to deal with identity theft or fraud. Now consider the alternative.
I know what I would do if I were you…
Watch the webinar "Sweetheart Scams, Phishing Attacks, and Member Fraud" to learn more about preventing these attacks.