What is Social Engineering?

Back to Customer Education

So you already have up-to date virus protection and a firewall on your computer, locks on your home or business's windows and doors, and maybe you even have a security system with all the important alarms and alerts. No one has unauthorized access to your information, right? Not necessarily. Social engineering is on the increase, so it's important to understand what it is and how to avoid becoming a victim.

Social engineering is basically the "art" of getting people to drop their guard and reveal details or access that they'd usually refuse. An attacker uses human interaction, that is, their social skills, to obtain information. They may seem unassuming and respectable, but by asking questions, they may be able to gather enough details to steal an identity, access bank accounts, enter your home or workplace, or many other devastating scenarios.

Be Skeptical to Avoid Becoming a Victim:

  • Be very leery of unsolicited phone calls, visits, or email messages that request any type of personal or confidential information. Even if someone seems to know about you, your family or your employer, they could have obtained those details from a social networking site. For example, did someone post vacation pictures, the results of a ball game, or your spouse's name? Criminals can use small details to make you believe they are safe.
  • Do not give sensitive information to anyone unless you are sure that they are indeed who they claim to be and that they should have access to the information. NEVER share passwords, Personal Identification Numbers (PIN) or access codes.
  • Do not provide information about your employer, including its employees or networks, unless you are certain of a person's authority to have the information.
  • Do not reveal personal or financial information in email, and do not respond to email solicitations.
  • Don't send sensitive information over the Internet before confirming the website's security.
  • If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a website connected to the request; instead, check your previous statements for contact information.

What if you think you might already be a victim of Social Engineering?

  • If you believe you might have revealed sensitive information about your employer, report it to management. They can contact the appropriate staff to be on alert for suspicious or unusual activity.
  • If your financial accounts may be compromised, contact your financial institution immediately and watch for any unexplainable charges to your account.
  • Change your passwords and make sure that you DO NOT use the same password for multiple resources. Be sure not to use the compromised password in the future.
  • Watch for other signs of identity theft, such as missing mail, errors on your credit report, or unexpected phone calls about money owed.
  • Consider reporting the attack to the police and file a report with the Federal Trade Commission.