There has been a lot of discussion recently around criminals getting ahold of private information via large-scale corporate data breaches. However, it still remains much easier for identity thieves to steal personal information through social engineering methods. Also known as “people hacking,” social engineering refers to tactics used to manipulate people into giving up their information, often by exploiting their natural tendency to be trustworthy and helpful.
It's unfortunate, but in today’s world we have to be careful who we trust and what information we share. Here are some common forms of social engineering that identity thieves like to use:
Impersonation is exactly what it sounds like – a criminal will pretend they are someone else in order to gain a person’s trust. For example, someone may call you and say that he/she is a representative of your financial institution and needs to verify your account information for some reason or another. Your first instinct may be to give the polite individual the information, because it is human nature to want to be helpful. But it is important to remember that your financial institution should never be contacting you requesting account or other private information. If you are unsure about a phone call you receive from someone claiming to be from your financial institution, kindly tell the representative that you will call back, then call the customer service line found on the financial institution’s website.
Beware of lurkers. Shoulder surfers will put themselves in a physical position that enables them to observe when a victim is typing confidential information. At an ATM, criminals may try to peer over your shoulder to watch you type in your PIN. Or they may try to snap a photo of your credit card number in the grocery store checkout line with their cell phone. Always be aware of your surroundings when you are completing a financial transaction in a public place.
Do people actually go through your dirty trash in the off chance they may find personal information that they could use to steal your identity? You bet. To avoid someone getting your information this way, make sure you shred or securely destroy all hard copies of documents containing your private information. Enroll in electronic bank statements and electronic bills whenever possible to limit the number of hard copies you need to worry about.
Phishing scams make use of the internet to try to capture people’s information, such as their passwords, credit card numbers, and bank account details. A criminal may send a fraudulent email claiming to be from a person’s financial institution – much like impersonation. The email will encourage its recipients to click on a link and enter or update their personal information, maybe stating that the financial institution lost some of its data. These phishing emails often include a threat that your account will be blocked if you do not enter your information. The information that a person enters then goes straight to the criminal who will do what they please with your personal information.
To avoid being a victim of a phishing scam, do not respond to any email requesting your personal information, and report any suspicious emails to your financial institution. It’s also a good idea to bookmark login screens, and use the bookmarked page every time you log in to your accounts.
For more tips on protecting your information, visit our Security and Fraud Prevention Center, and check out these five key tips from the FDIC for National Consumer Protection Week. When it comes to protecting your identity, it’s always better to be safe than sorry.
If you found this article useful, be sure to check out these related articles:
Top 3 Myths about Online Banking Revealed
It's 11:00 p.m. Do You Know Where Your Money Is?
5 Mobile Banking Security Tips