Avoiding Social Engineering Attacks
11/13/18
In a social engineering attack, an attacker uses human interaction to manipulate a person into providing them information. People have a natural tendency to trust. Social engineering attacks attempt to exploit this tendency in order to steal your information. Once the information has been stolen it can be used to commit fraud or identity theft.
Criminals use a variety of social engineering attacks to attempt to steal information, including:
- Website Spoofing
- Phishing
The following sections explain the meaning of these common attacks and provide tips you can use to avoid being a victim.
What is Website Spoofing?
Website spoofing is the act of creating a fake website to mislead individuals into sharing sensitive information. Spoofed websites are typically created to look exactly like a legitimate website published by a trusted organization.
Prevention Tips:
- Pay attention to the web address (URL) of websites. A website may look legitimate, but the URL may have a variation in spelling or use a different domain.
- If you are suspicious of a website, close it and contact the company directly.
- Do not click links on social media sites, pop-up windows, or non-trusted websites. Links can take you to a different website than their labels indicate. Typing an address in your browser is a safer alternative.
- Only give sensitive information to websites using a secure connection. Verify the web address begins with "https://" (the "s" is for secure) rather than just "http://".
- Avoid using websites when your browser displays certificate errors or warnings.
What is Phishing?
Phishing is when an attacker attempts to acquire information by masquerading as a trustworthy entity in an electronic communication. Phishing messages often direct the recipient to a spoof website. Phishing attacks are typically carried out through email, instant messaging, telephone calls, social media, and text messages (SMS).
Prevention Tips:
- Delete email and text messages that ask you to confirm or provide sensitive information. Legitimate companies don't ask for sensitive information through email or text messages.
- Beware of messages sent through social media. Legitimate companies don't ask for sensitive information through social media. Beware of visiting any website addresses sent to you in unsolicited messages.
- Even if you feel the message is legitimate, type web addresses into your browser or use bookmarks instead of clicking links contained in messages.
- Try to independently verify any details given in the message directly with the company.
- Utilize anti-phishing features available in your email client and/or web browser.
- Utilize an email SPAM filtering solution to help prevent phishing emails from being delivered.
Report Fraudulent or Suspicious Activity
Contact us immediately if you suspect you have fallen victim to a social engineering attack and have disclosed information concerning your Sunflower Bank accounts.
Call us at 1.888.827.5564 or visit your local Sunflower Bank branch location.
Regularly monitoring your account activity is a good way to detect fraudulent activity. If you notice unauthorized transactions under your account, notify Sunflower Bank immediately.
Ready to explore how Sunflower Bank can assist you? Speak to a personal banker at a branch near you, contact a specialist on our Wealth Management team, or find the right financial partner on our Commercial Banking team for your business needs.
This article contains general information only. Sunflower Bank is not, by means of this article, rendering accounting, financial, investment, legal, tax, or other professional advice or services. This article is not a substitute for such professional advice or services, before making any decisions related to these matters, you should consult a qualified professional advisor.