Social engineering attacks use human interaction (social skills) to obtain or compromise information about an organization or its computer systems. A cyber-criminal may seem unassuming and respectable, possibly claiming to be a new employee, repair person, or researcher and even offering credentials to support that identity. They may be able to piece together enough information to infiltrate an organization’s network by asking questions of several people over a period of days.
The Bank offers the following Security Procedures related to social engineering risk:
- Never provide passwords or answers to security questions to anyone.
- Never provide usernames, full names, IP addresses, etc. to anyone without verifying the legitimacy of the request.
Always alert others at your organization if you receive a suspicious phone call where the caller is requesting this type of information. If a social engineering attacker is not able to gather enough information from one source, they may contact another source within the same organization in order to add to their credibility.
Limit the amount of personal information you provide on social networking sites. The more information you post, the easier it may be for a criminal to use that information to steal your identity, access your data, or commit other crimes.