Social Engineering
Avoiding Social Engineering Attacks
What is social engineering?
Social engineering attacks exploit human interactions to manipulate individuals into divulging confidential information. These attacks take advantage of people's inherent trust to steal information, which can then be used for fraud or identity theft.
Common social engineering attacks include:
- Website spoofing
- Phishing
- Vishing
- Quishing
What is website spoofing?
Website spoofing involves creating a fake website designed to look like a legitimate one, tricking users into sharing sensitive information. These spoofed websites often mimic those of trusted organizations.
Prevention Tips:
- Check the URL: Look closely at the web address. Even if a website appears legitimate, the URL may have slight spelling variations or use a different domain.
- Verify Suspicious Websites: If you are unsure about a website, close it and contact the organization directly.
- Avoid Clicking Untrusted Links: Do not click links from social networking sites, pop-up windows, or non-trusted websites. Instead, type the web address directly into your browser.
- Ensure Secure Connections: Only enter sensitive information on websites with a secure connection. Look for URLs that start with "https://" (the "s" indicates that the connection is encrypted; it does not by itself prove the site is legitimate).
- Heed Browser Warnings: Avoid using websites that display certificate errors or warnings.
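The URL checks from the tips above, as an added example that is not part of the original page: it flags links that are not HTTPS, slight spelling variations, and different domains relative to one trusted address. The domain northbank.example, the function names, the result labels and the sample URLs are all constructed for illustration.

```python
from urllib.parse import urlsplit

TRUSTED = "northbank.example"  # constructed placeholder, not a real bank domain


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_url(url: str, trusted: str = TRUSTED) -> list:
    """Return the reasons a link deserves suspicion, or ["ok"] if none apply."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    findings = []
    if parts.scheme != "https":
        findings.append("not-https")
    # The trusted domain itself, or a true subdomain of it, passes.
    if host == trusted or host.endswith("." + trusted):
        return findings or ["ok"]
    # Compare the rightmost labels of the host, where the real owner is named.
    t_name, _, t_suffix = trusted.partition(".")
    tail = host.split(".")[-(t_suffix.count(".") + 2):]
    name, suffix = tail[0], ".".join(tail[1:])
    if name == t_name and suffix != t_suffix:
        findings.append("different-domain-ending")       # right name, wrong ending
    elif suffix == t_suffix and edit_distance(name, t_name) <= 2:
        findings.append("lookalike-spelling")            # one or two characters off
    elif trusted in host:
        findings.append("trusted-name-in-other-domain")  # trusted name used as a prefix
    else:
        findings.append("unrelated-domain")
    return findings


if __name__ == "__main__":
    samples = [  # constructed sample links
        "https://online.northbank.example/login",
        "http://northbank.example/login",
        "https://n0rthbank.example/login",
        "https://northbank.test/login",
        "https://northbank.example.login.test/",
    ]
    for link in samples:
        print(f"{link:45} {check_url(link)}")
```

The ownership of an address is decided by its rightmost labels, which is why the last sample is flagged even though it begins with the trusted name.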
What is Phishing?
Phishing involves an attacker posing as a trustworthy entity to obtain information through electronic communication. These attacks often direct recipients to spoofed websites and are typically conducted via email, instant messaging, phone calls, and text messages (SMS).
Prevention Tips:
- Delete Suspicious Messages: Do not respond to emails or texts asking for sensitive information. Legitimate companies do not request sensitive information this way.
- Be Cautious with Links: Avoid visiting websites from unsolicited messages. Type the address into your browser or use bookmarks instead of clicking links in messages.
- Verify Messages Independently: Confirm any details provided in the message directly with the company.
- Use Anti-Phishing Tools: Utilize anti-phishing features in your email client and web browser.
- Implement Spam Filters: Use email spam filtering solutions to reduce the delivery of phishing emails.
Quishing and vishing are similar to phishing but use different contact methods. Quishing uses a QR code to direct someone to a fraudulent site or service, and vishing uses a phone call (voice phishing) to conduct the fraud. Prevention for these methods is similar to that for phishing.
Report Fraudulent or Suspicious Activity
If you suspect you have fallen victim to a social engineering attack and have disclosed information about your Cornerstone Capital Bank accounts or online banking login information, contact us immediately at 833-567-2265 (BANK).
Regularly monitor your account activity to detect any fraudulent transactions. Cornerstone offers online banking alerts that can help notify you immediately of suspicious activity. Notify Cornerstone Capital Bank immediately if you notice any unauthorized transactions or profile changes.
Please note, you can change your Cornerstone Capital Bank online banking password at any time as a precaution, or if you believe it has been compromised.
Additional Resources
For more information regarding online security, visit: