Social Engineering & Cyber Security

Protecting yourself in the digital age

Protect Your Assets From Identity Thieves

Avoid the relentless pursuit of your personal information.


Cyber Criminals Study Online Behavior to Target Unsuspecting Victims

Social engineering takes many forms. Anyone who spends time online, communicates via e-mail, or answers their phone may be targeted through social engineering and fall victim to cybercriminals.

Protect yourself by understanding more about social engineering and how it may be used against you. Knowing what to look for and what to do if it happens can help you reduce the chances of having someone steal your personal or employer data, cash and assets from your financial accounts, and more.

Playing on hopes or fears, criminals will use e-mail to cast a wide net to gather personal data from unsuspecting targets. This is known as phishing. In contrast, spear phishing happens when a specific user’s personal details are used to target him or her directly.

Appealing to Your Hopes

Look for new messages

  • “Your digital payment account summary”
  • “You have a new friend request”
  • “An eCard for you”
  • “Accept your payment from Sally B.”

Appealing to Your Fears

Look for new messages

  • “Your account has been suspended”
  • “Package undeliverable”
  • “Unpaid Invoice”
  • “A warrant for your arrest”

Look for inquiries asking for personal data, like your anniversary, the name of your favorite pet, or your children’s birthdays. These inquiries may look friendly (e.g., “Let us help you celebrate!”), while in reality the criminal may already have some information on you and wants to know more to narrow down account access information.

These inquiries may come via e-mail in phishing, or via phone calls, known as vishing.

Phishing creates vulnerable entry points where the criminals trick victims into providing personal information or allowing access to their computer.

Never provide sensitive information via e-mail or to someone who calls you directly, including:

  • Usernames and passwords
  • Social Security or tax ID numbers
  • Bank or financial account information
  • Credit card information

Phishing e-mails from cybercriminals purposefully look like e-mails from companies or individuals you regularly interact with. They can take many forms, including that of a missed delivery attempt message from an online retailer where you shop, or from a delivery service such as the U.S. Postal Service. Cybercriminals often use subtle tactics to make their e-mails appear to come from a trusted source when, in reality, they do not. Examples include using a “1” instead of a lowercase “l” in the return e-mail address, or adding a word in the e-mail address or return links.

Criminals entice users to download a malicious file disguised as a legitimate, harmless attachment, like invoices, receipts or other documents.

Users are enticed to click on hyperlinks, taking them to a site where malware is downloaded, or the victim may be asked to provide sensitive information via an online form.

A Safe Perspective:

Do not download a document or attachment or click a link in an e-mail if you do not know and trust the sender.

Common Themes and Tactics of Social Engineering

  • A bank or credit card company reporting fraud activity and asking for passwords and other personal account details
  • Government agencies threatening to take action if you do not pay a tax levy, fine, or other fee
  • Computer help desk offering to solve performance issues if you grant them access to your computer
  • Posing as friends or relatives asking you to help them with money and keep it secret from other family members

Common Malware Types

  • Ransomware: Intended to encrypt a user’s data and hold it for ransom
  • Viruses: Intended to harm a computer system or give the hacker control of the computer
  • Key loggers: Intended to record keystrokes in an effort to capture passwords
  • Spyware: Intended to spy on victims

Take action if you are a victim of identity theft.
1. Contact the FTC: IdentityTheft.gov

U.S. victims lost $19.4 billion in 2018, according to the 2018 Symantec Internet Security Threat Report.

Important Steps: take action if you are a victim of identity theft

Immediately contact Stifel and other financial institutions to report a problem.
You should also contact any other financial institutions where you have accounts that may be impacted by the loss of your personal financial information. These may include banks, credit card companies, or insurance companies.

Change your e-mail and/or account passwords.
Immediately change the password for all accounts associated with potentially compromised personal financial information. Always remember to use strong passwords that are not easy to guess, consisting of at least eight characters, including symbols, numbers, and both capital and lowercase letters.

Consider closing compromised accounts.
If you notice any unauthorized access into your investment or financial accounts, you may want to ask your firm to close the account and move the assets to a new account. You should consult your investment firm/bank about the best way to handle closing an account, if you choose to do so.

Monitor your investment accounts for suspicious activity.
Look out for any changes to your account information that you do not recognize (e.g., a change to your address, phone number, e-mail address, account number, or external banking information). You should also confirm that you authorized all of the transactions that appear in your account statements and trade confirmations. If you find any suspicious activity, immediately report it to your financial institution.

Place a fraud alert on your credit file.
Placing an initial fraud alert in your credit file provides notice to potential creditors (e.g., banks and credit card companies) that you may have been a victim of fraud or identity theft and will help reduce the risk that an identity thief can use your personal financial information to open new accounts. Contact any of the three credit bureaus listed below and ask them to add an initial fraud alert to your credit file.

Credit Bureau Contacts

  • Experian: Experian.com/help, 888-EXPERIAN (888-397-3742)
  • TransUnion: TransUnion.com/credit-help, 888-909-8872

Protect Against Social Engineering

Be aware of any form of unsolicited contact, and don't be coerced by fear, hope, or urgency.

Don't give personal information or make a payment to anyone who calls you.

Be careful of what you post about your family information, locations, travel plans, etc. on social media and neighborhood message boards.

Don't trust an unusual sense of urgency. Tactics such as: "Account Locked," "Package Was Undeliverable," or "Security Alert, Fraudulent Activity" should be a tip-off.

Protect Against Phishing E-mails

Double-check the e-mail address to verify that the message is from a legitimate sender. Think about whether this is an e-mail they would typically send you.

Check to see if the grammar and language fit the supposed sender.

Do not click on any link unless you are certain it is legitimate. Hyperlinks can be "spoofed". Hover your mouse over a hyperlink to see where the link actually takes you.

Never open an attachment from an unknown source.
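
The two checks above (the sender's address and where a link really goes) can also be done automatically. The Python sketch below is an added example, not part of the original page: it flags sender domains that imitate a trusted one through a swapped character or an added word, and links whose visible text names one site while the underlying address opens another. The trusted-domain list, the substitution table, and the sample message are constructed for illustration.

```python
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed allow-list: domains this recipient really deals with.
TRUSTED = {"usps.com", "lakeside-credit.example"}
# Look-alike swaps such as "1" for a lowercase "l".
CONFUSABLES = str.maketrans({"1": "l", "0": "o", "5": "s"})
# Visible link text that itself looks like a web address.
URLISH = re.compile(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:[/:?]\S*)?", re.I)

def check_sender(from_header):
    """Classify a From: header as 'trusted', 'lookalike' or 'unknown'."""
    domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    if any(domain == g or domain.endswith("." + g) for g in TRUSTED):
        return "trusted"
    normalized = domain.translate(CONFUSABLES)
    # Brand name present after undoing swaps, but the domain is not trusted:
    # covers both a swapped character and an added word.
    if any(g.split(".")[0] in normalized for g in TRUSTED):
        return "lookalike"
    return "unknown"

class LinkAudit(HTMLParser):
    """Collect (visible text, real destination host) for each <a href>."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            host = (urlparse(self._href).hostname or "").lower()
            self.links.append(("".join(self._text).strip(), host))
            self._href = None

def spoofed_links(html):
    """Return links whose text shows one host while the href opens another."""
    audit = LinkAudit()
    audit.feed(html)
    return [(text, host) for text, host in audit.links
            if (m := URLISH.fullmatch(text)) and m.group(1).lower() != host]

# Constructed sample message body: the first link is spoofed, the second is not.
SAMPLE_HTML = ('<a href="http://usps.redelivery.example/r">www.usps.com/redelivery</a>'
               ' <a href="https://www.usps.com/help">www.usps.com/help</a>')
```

A "lookalike" or flagged result is a reason to stop and verify through a known-good channel; an "unknown" sender is not proof of safety.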

Protect Against Vishing

Never give your personal information to unsolicited callers no matter how much they insist.

When in doubt, call them back at the phone number on your account statement – not at a number provided by the caller.

Be aware that computerized voices leaving messages regarding legal action against you are never real.

Do not let callers take control of your computer to "fix" a problem.

Don't trust your caller ID – it can be spoofed.