
Have you ever received a suspicious email from your bank or credit card company asking you to verify your account information? Or maybe you’ve gotten a call from someone claiming to be from Microsoft tech support, trying to troubleshoot problems with your computer? These are all examples of social engineering attacks: scams that use psychology and manipulation to fool people into giving up their personal information.
While social engineering schemes can be sophisticated and difficult to detect, there are some steps that everyone can take to protect themselves against them.
What is Social Engineering?
The term “social engineering” refers to a range of criminal activities that take place via human interactions. It employs psychological manipulation to persuade users to make security errors or provide sensitive and confidential information. Attacks may be conducted over the internet, in person, and through other interactions.
Social engineering is especially harmful because it exploits human errors rather than software or operating system vulnerabilities. Mistakes made by genuine users are far less predictable, making them more difficult to detect and defend against than a malware-based attack.
Social engineering methods, unlike typical cyberattacks that rely on security flaws to gain unauthorized entry to machines or networks, target human vulnerabilities. As a result, social engineering is also known as human hacking.
The sorts of information these criminals are looking for can vary, but most of the time they’re attempting to deceive you into providing your passwords or financial data, or giving them remote access to your computer in order to install malicious software that will give them access to your passwords and bank details as well.
What does Social Engineering look like?
There are four steps in a social engineering attack: preparation, infiltration, exploitation, and disengagement.
- In the preparation stage, the attacker gathers information about their target. They may do this by researching the target online, or by looking for information on social media or other public forums.
- In the infiltration stage, the attacker tries to gain access to the target’s systems. They may do this by sending phishing emails or messages that appear to be from a trusted source, or by setting up fake websites that look like legitimate ones.
- In the exploitation stage, the attacker uses the information they gathered in the preparation and infiltration stages to try to gain access to confidential data or systems.
- In the disengagement stage, the attacker withdraws from the target’s systems, leaving them vulnerable to further attack.
Types of Social Engineering Attacks
There are several types of social engineering attacks to be aware of.
Phishing
Phishing is an email-based attack in which the attacker sends a fraudulent email to the victim, masquerading as a legitimate entity such as a bank or online store. The goal of a phishing attack is to trick the victim into clicking on a link or opening an attachment that contains malware, which will then give the attacker access to the victim’s computer or personal information. Read more here about phishing and email scams.
Vishing
Vishing is a telephone-based attack in which the attacker calls the victim and tries to trick them into providing sensitive information such as passwords or credit card numbers. Vishing attacks can also involve installing malware on the victim’s computer by getting them to click on a link in a text message or by answering a survey question that contains malware.
Smishing
Smishing is a variation of phishing that uses SMS (Short Message Service) text messages to deliver the attack. The attacker typically sends a text message containing a link to a website where the victim is asked to enter their personal information. As with phishing and vishing attacks, smishing attacks can also involve installing malware on the victim’s computer. Read more here about text scams.
Baiting
Baiting is an attack in which the attacker leaves a USB drive or other type of storage device in a public place, such as a coffee shop or library, and waits for someone to pick it up and plug it into their computer. The attacker has planted malware on the storage device that will be installed on the victim’s computer when they open the file or run the program.
Tailgating
Tailgating is an attack in which the attacker follows someone into a building, such as an office or school, and tries to get access to their computer or personal information by copying their credentials. The attacker can also use this technique to get access to restricted areas by following someone who has valid access credentials.
Pretexting
Pretexting is an attack in which the attacker creates a fake identity or story in order to get the victim to provide them with sensitive information. For example, the attacker might call the victim and say they are from the bank and need to confirm some personal information.
Spear Phishing
Spear phishing is a more targeted form of phishing that is used to attack specific individuals or organizations. The attacker will research the victim online in order to find out personal information, such as their email address, job title, or company name. They will then use this information in the phishing email to make it look more legitimate.
DNS Spoofing and Cache Poisoning Attacks
DNS spoofing and cache poisoning attacks are attacks that involve manipulating the DNS (Domain Name System) servers to redirect traffic to a fake website. The attacker can do this by changing the DNS records for a particular website so that the traffic is redirected to their own website. This type of attack can be used to steal sensitive information or install malware on the victim’s computer.
Pharming
Pharming is a type of attack that involves redirecting the victim to a fake website where they are asked to enter their personal information. The attacker can do this by changing the DNS records for a particular website so that the traffic is redirected to their own website. This type of attack can be used to steal sensitive information or install malware on the victim’s computer.
To learn more about safe web surfing, read our article 11 Ways to Check if a Website is Legit or Trying to Scam You.
Scareware
Scareware is a type of malware that is designed to scare the victim into paying for fake security software. The attacker will typically display a pop-up window on the victim’s computer that claims to be from a security company and shows pictures of viruses or other types of malware. The goal is to convince the victim that their computer is infected and they need to purchase the fake security software in order to fix it.
Dumpster Diving
Dumpster diving is a type of physical security attack in which the attacker goes through the victim’s trash to find sensitive information, such as passwords or account numbers. The attacker can also use this technique to find information about the victim’s company, such as the names of employees or contact information.
Social Engineering Tactics to Watch For
Keep an eye out for these red flags to help you avoid becoming a victim.
- Receiving unsolicited emails or calls from someone you don’t know asking for personal information
- Being asked to download software or visit a website
- Being told to open an attachment or click on a link in an email
- Being asked to provide your login credentials
- Being told that your computer is infected and you need to download software to fix it
Here are some questions to ask if you suspect an attack.
- Did this message come from a legitimate sender?
- Did my friend actually send this message?
- Are my emotions heightened?
- Does the website I’m on have odd details?
- Does the offer sound too good to be true?
- Can the sender prove their identity?
- Do the attachments or links seem suspicious?
How can you protect yourself from social engineering?
There are several things you can do to protect yourself from social engineering attacks, including:
- Never provide your personal information or login credentials to someone you don’t know.
- Be suspicious of unsolicited emails and calls, and do not respond to them.
- Never download software or visit websites from unknown sources.
- Never click on a link in any emails or messages. Manually type the URL into your address bar instead.
- Always check the legitimacy of a website by looking for the https:// prefix and the padlock symbol in the address bar.
- Never open attachments or click on links in emails from unknown sources.
- Install anti-virus software and keep it up-to-date.
- Create strong passwords and change them regularly.
- Use multi-factor authentication. Biometrics, such as fingerprint or facial recognition, and temporary passcodes delivered via text message, are just a few of the factors that can be used.
- Update your software and operating system regularly.
Further Tips for Businesses to Protect Against Social Engineering Attacks
When it comes to security awareness training, you must train and train again.
Ensure that you have a comprehensive security awareness program in place that is updated to reflect both general and new targeted cyberthreats on a regular basis.
Examine existing financial transfers and other crucial events, payment procedures, rules, and separation of duties.
Remember that separation of duties and other safeguards may at some point be jeopardized by insider threats, so risk analyses may need to be revisited in light of the increased danger.
Take the time to evaluate, improve, and test your incident management and phishing reporting systems.
On a regular basis, hold a tabletop exercise with management and key personnel. Examine the controls for potential points of exposure and reverse-engineer possible weak spots.
Stay Aware to Stay Safe
By following these tips, you can help protect yourself and your business from social engineering attacks. Remember to be aware of any red flags and always question the legitimacy of unsolicited requests for information. With vigilance and caution, you can keep yourself safe from these dangerous attacks.