Phishing
Phishing & Social Engineering
About Phishing & Social Engineering
Phishing is a cybercrime in which a target or targets are contacted by email, telephone, or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking, and credit card details and passwords. Social engineering on the other hand is a tactic used by cybercriminals to manipulate individuals into divulging sensitive information or performing actions that compromise security. Instead of relying on technical vulnerabilities, social engineering exploits human psychology and trust to deceive individuals into providing access to confidential information or systems.
The information illegally procured by both phishing and social engineering is then used to access essential accounts, resulting in identity theft and financial loss.
Helpful Tips on Identifying Phishing emails
- Bad spelling and grammar in the text of the email.
- Have a sense of urgency. Hackers word emails to include a sense of urgency to make you react quickly, reducing your time to think and realize the scam.
- Be suspicious of emails that ask for your personal information
- First-Citizens Bank and most other companies will never ask for your credentials via email.
- Please hover over the link before clicking on it to ensure it’s taking you where it says it will take you. Check the website: Is it HTTP or HTTPS? Is it spelled correctly? Is it the company’s website? Some links may be legitimate so make sure you check them all
- If you click the link and are unsure if it is accurate or fake, try a fake password first. If it appears you have signed in, then you are probably on a phishing site.
Helpful Tips on avoiding falling victim to social engineering:
- Be suspicious of people you don’t know who ask for sensitive information: always maintain a healthy sense of scepticism when dealing with unknown individuals, especially if they ask for any internal or sensitive information. Remain on guard and verify the identity of any person making an unsolicited request before you provide information by phone, email, or in person.
- Avoid posting and sharing personal information on social media platforms: such as names, phone numbers, addresses, school and work locations, and other sensitive information as text or in a photo.
- Use multifactor authentication where applicable: One of the most valuable pieces of information attackers seek are user credentials. Using multifactor authentication helps ensure your account’s protection in the event of system compromise