Social Engineering is a method used to attempt to obtain secure information by tricking an individual into revealing the information. The goal of social engineering is to gain unauthorized access to systems or information in order to commit fraud, network intrusion, industrial espionage, or identity theft.
Social engineering is normally very successful because most victims want to trust people and be helpful. Victims of social engineering typically have no idea they have been conned out of useful information or have been tricked into performing a particular task.
- Phishing: Fraudulent Emails
- SMiShing: Malicious Text Messages
- Pretexting: Social Engineering by Phone
What should you do
- NEVER share your username or password with anyone.
- Meet unsolicited emails with skepticism, especially if an email is unexpected and asks you to perform an action such as opening an attachment or clicking a link.
- Keep in mind that phishing emails may be targeted and may address you by name; skilled attacks can be very persuasive.
- Be totally comfortable with an email before clicking links or opening attachments.
- Never give out personal information, including your account information, social security number, and user ID, unless you have initiated the request.
Phishing is a technique that uses fake emails and fraudulent websites to gain personal information for purposes of identity theft. The fraudulent email messages and/or websites are designed to fool you into divulging personal financial data such as your credit card numbers, account usernames and passwords, and social security number or to deliver malicious software such as viruses or Trojans to your computer. Phishing is one of the most common scams on the Web and fraudsters are constantly modifying their attacks to include details that will make the recipient believe the scam is real.
One method fraudsters use is to create a fake website that looks like a known good site by copying the real website. The fraudsters include a link to the fake website in an email. Unsuspecting recipients who click on this link are connected to the fake website without knowing it. The fake website has been designed to collect information or deliver malicious software.
- Be suspicious of any email that requires an urgent response from you. Fraudsters will send emails that require your immediate attention to "verify their records" or to complete or cancel a transaction.
- Do not click on links sent in an email that is requesting information or requesting an update. Emails requesting you to "click here" in order to update personal information may end up redirecting you to a fake website collecting your data for malicious use. If you are unsure, contact the company or financial institution on the phone or go to their website address directly by typing it into your browser's address bar.
- Do not fill out forms requesting confidential or financial information unless you are dealing with a reputable site that you can verify as authentic. You may verify this by checking for the "lock" icon in your browser window and "https://" preceding the website address in the address bar.
Millions of phishing emails are sent and circulated daily. They claim to come from a wide variety of sources, including Metro Bank.
At Metro Bank, we take the security of our customers' financial information very seriously. We work around the clock to monitor phishing activity and close fraudulent websites. Our customers are valuable partners in reporting and helping to prevent fraud.
The emails below are provided solely to give you an idea of how fraudulent emails may look. Metro Bank did not send them, and our systems have not been compromised in any way.
You may have received a fraudulent email that differs from these examples. Please see the section on how to recognize a fraudulent email.
Fraudulent Email Example 1 (subject lines vary)
Subject: Notification for Customer of e-mail address change
E-MAIL CHANGE NOTIFICATION
Thank you for banking online at mymetrobank.com. Our records indicate that you recently added or made a change to one of your email address(es). This notification is to confirm that you initiated this change. If you feel you have received this email in error and did not add or change your email address(es), please click here.
Online Banking Team
Fraudulent Email Example 2 (subject lines vary)
Subject: Regarding Your Metro Bank Account
Dear Metro Bank Customer,
We have noticed that you experienced trouble logging into Online Banking.
Your Online Profile has been locked. This has been done to secure your accounts and to protect your private information. Metro Bank is committed to making sure that your online transactions are secure.
To unlock your account, and verify your identity please follow this link and sign in
Online Customer Service
Fraudulent Email Example 3 (subject lines vary)
Subject: Periodic Account Review
E-MAIL CHANGE NOTIFICATION
Metro Bank is constantly working to increase security for all Online Banking users. To ensure the integrity of our online payment system, we periodically review accounts.
Your account has been placed on restricted status. Restricted accounts continue to receive payments, but they are limited in their ability to send or withdraw funds.
To lift this restriction, you need to login into your account (with your username or SSN and your password), then you have to complete our verification process. You must confirm your credit card details and your billing information as well. All restricted accounts have their billing information unconfirmed, meaning that you may no longer send money from your account until you have updated your billing information on file.
To initiate the billing update confirmation process, please follow the link bellow and fill in the necessary fields:
Recognize Fraudulent Email
Phishing emails and fraudulent websites can be very sophisticated and may contain Metro Bank's legitimate logo and branding. Fraudsters may even tamper with the sender information in an email to make their "phish" look even more legitimate.
Although fraudsters use various tactics in their phish, there are common elements you should familiarize yourself with.
- Uses an incorrect URL. Verify that the site address is accurate. Fraudsters may use a slight misspelling of the correct website or may redirect you to a completely unrelated website. You can also hover your mouse pointer over a link in an email to verify that the link is directed to the same site that the email came from.
- Asks for banking information. Metro Bank will never ask for your bank account information or your debit card and PIN numbers via email. Be wary of any email or site that asks for sensitive information, such as your Social Security Number or credit card number, that is beyond your standard login.
- Uses a public Internet account. Before you click on any link sent to you via email, take a look at the sender's email address. If the email is from a public account (e.g. Yahoo, Gmail or any email domain that is inconsistent with other known email addresses at that organization), but claims to be from your bank or other business, do not trust the email.
- Addresses you generically. You should also make sure that any email claiming to be from your bank includes your given name in the message, such as "Dear William Smith," instead of "Dear Customer."
- Includes misspelled words. Real companies have staff checking the accuracy of emails and websites, and a mistake like this would be caught before it was sent or published.
- Connects you to an unsecure site. Legitimate e-commerce sites use encryption to help ensure that your payment information remains safe. Look for the "lock" symbol in the browser window and verify the address starts with "https://" rather than just "http://". Do not enter payment information on any site that isn't secure.
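Several of the checks in the list above can be applied mechanically, for example by a mail filter or a help-desk triage script. The following is an added example, not Metro Bank's own code; the expected domain `mymetrobank.com` (the site name the sample emails mention), the public-webmail list, the flag names and the `example.net` link in the constructed sample are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

EXPECTED_DOMAIN = "mymetrobank.com"  # assumption: site name used in the sample emails
PUBLIC_MAIL = {"yahoo.com", "gmail.com", "outlook.com", "hotmail.com"}  # assumed list

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_matches(host, domain):  # exact host or a true subdomain, never a prefix
    return host == domain or host.endswith("." + domain)

def phishing_indicators(raw_email):
    msg = message_from_string(raw_email)
    body, flags = msg.get_payload(), set()
    if parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower() in PUBLIC_MAIL:
        flags.add("public-mail-sender")
    if re.search(r"dear\s+(metro bank\s+)?customer", body, re.I):
        flags.add("generic-greeting")
    collector = LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        host = (urlsplit(href).hostname or "").lower()
        if urlsplit(href).scheme != "https":
            flags.add("not-https")
        if not host_matches(host, EXPECTED_DOMAIN):
            flags.add("unexpected-link-domain")
        shown = re.search(r"[\w.-]+\.[a-z]{2,}", text, re.I)  # domain shown to the reader
        if shown and not host_matches(host, shown.group(0).lower()):
            flags.add("link-text-mismatch")
    return sorted(flags)

SAMPLE = ('From: "Online Customer Service" <metrobank.support@yahoo.com>\n'  # constructed
          "Content-Type: text/html\n\n<p>Dear Metro Bank Customer,</p><p>Sign in at "
          '<a href="http://mymetrobank.com.example.net/login">www.mymetrobank.com</a></p>')
```

Note that the sample link begins with the bank's name but belongs to a different domain, which is why the comparison is made on the end of the hostname rather than on its start.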
Protect Your Computer Against Malicious Software
Tips to protect your computer against malicious software:
- Install a router between your computer and your Internet connection. This will stop hackers from accessing your computer directly.
- Install a software firewall and antivirus software. This will block unauthorized access to and from your PC or your network. Many vendors bundle this software into a security solution. Furthermore, many Internet Service Providers now offer anti-virus packages as part of their service. Contact your Internet Service Provider to inquire if an anti-virus solution is included with your package.
- Do not open an email attachment unless you are expecting it. That attachment containing the shipping label for the shipment you didn't send? It contains malicious software. The most suspicious attachments are those ending in .pdf, .exe, .bat, .com, and .vbs. However, Microsoft Office documents can also have malicious software embedded in them. Some computers mask the file extension, so be wary of any unexpected attachments.
- Keep your computer software patched and up to date. Microsoft Windows can be set up to update automatically. Microsoft also releases software patches on the second Tuesday of the month. Make it a practice to check all your software at that time. Software patches and new versions contain fixed code that stops malicious software from operating.
- Back up your data. Backing up your data has become easier and faster than ever. Purchase an external hard drive or sign up for a secure online service. Most external drives and online backup services come with software that lets you automate backups, making things even easier.
- Follow our tips for preventing phishing. Phishing is one of the primary sources of malicious software.