How to Avoid the Bad Guy Help Desk
How do I know this is a legitimate request?
Let me start by explaining social engineering. In this context, social engineering is the use of deception to manipulate you into divulging confidential or personal information that may be used for fraudulent purposes. In other words, fraudsters use commonly available channels to find information they can use to commit fraud (Google yourself sometime – I promise it’s not dirty, and seeing how much of your personal information is out there can be an eye-opening experience). Some fraudsters send emails pretending to be someone they are not, or use illegal channels to purchase sensitive information such as social security or credit card numbers. Armed with as much info as they can find, they set out to use your information for monetary gain by doing things like creating new bank accounts, gaining access to online banking or signing up for new credit cards.
Social engineers are tricky. They may call or email you pretending to be from Microsoft, or Verizon, or even your bank…and they’re good at it. The good ones do their homework and often find information you wouldn’t expect, such as your favorite store, the place you bought your last car, or even the name of the person who sold you that car. All it takes is a little detective work online (like a post on a dealership website with comments from your salesperson) and these people start making connections, connections they use to break down your defenses.
What can we do about these scammers?
The best defense is to arm yourself with knowledge and be very protective of your personal, sensitive information. Most companies don’t call you to ask for information, especially information they already have (your credit card company already knows your social security number and your account number, so why would they ask for that over the phone?). If a company calls asking for your personal information, hang up and call them back using the company’s official phone number. Yes, there are times when they may verify information to confirm you are who you say you are, but that applies to calls you made to them, not calls they are making to you.
The same applies to email. Fraudsters can create emails that appear to come from a trusted vendor, relative or friend…it’s actually quite easy to do. If you receive a Verizon email claiming you have an outstanding $4,000 bill, don’t panic and click the link or call the number listed in that email…go online, search for Verizon and call their official company phone number, or use a previously saved contact from your phone. That may sound odd, but if a fraudster sends you an email, one of their goals is to direct you to a compromised website or give you the phone number of their very own bad guy help desk, where they pretend to be Microsoft or Verizon or whoever they want you to believe they are that day.
Always remember to protect your sensitive information and question any situation where you’re asked for things such as your social security number, driver’s license or other government identification number, date and place of birth, etc. If it feels odd that you’re being asked for that information, it probably is. You have every right to question why you’re being asked for personal information, and if the response doesn’t feel right, it probably isn’t!
Being in the know is the first step to protecting yourself and your business from cyber fraud. Choice Bank is committed to providing you with up-to-date resources and tips to help you stay informed. Learn more at bankwithchoice.com/cybersecurity.
—Steve Fercho, Cybersecurity Officer