Social Engineering

Social engineering scams, such as baiting with fake prizes or bogus security alerts, trick people into revealing confidential information or installing harmful software.

Understanding Social Engineering Attacks

What is Social Engineering?

Social engineering is an umbrella term for manipulation techniques a fraudster uses to trick a person into disclosing confidential information or taking an action (clicking a link, installing software, sending a payment) that gives the fraudster access or money. Social engineering occurs in a variety of forms, several of which are described below.

It is important to remember that social engineers exploit people's willingness to help, their trust in familiar names, and their fear of losing money or access; the attack targets the person, not the technology.


What is Baiting?

Baiting is a form of social engineering in which a fraudster uses a false promise (or a false alarm) to lure the victim into a situation that compromises their personal or financial information, or that gets the victim to install malware on their own device.

Common examples of baiting are pop-up windows on computers advising:

  • You’ve won a $100 gift card, click here to claim your prize.
  • Your computer is infected, click here to clean your system/contact this phone number for assistance.
  • Download this software to boost your computer’s speed.

What is Phishing?

Phishing is when fraudsters attempt to obtain confidential information from their victims via email. Phishing emails may appear to come from people you know, such as family, friends or colleagues, or from organizations you do business or socialize with. "Spear phishing" is phishing aimed at a specific person within an organization who is likely to have access to something valuable, such as bank accounts or payment approval.

Common examples of Phishing:

  • An email impersonating a financial institution advises that your account has been compromised and prompts you to "click here" to secure it. The link leads to a look-alike page controlled by the fraudster, and whatever you type there (user name, password, card number, one-time code) goes straight to them.
  • Do not click links in unsolicited emails. Open the institution's site by typing its address yourself, or call the number printed on your card or statement.

What is Smishing (SMS Phishing)?

Smishing is the text message version of phishing. These text messages usually contain a web link or a telephone number and demand immediate attention. The link leads to a page that either collects your private and confidential information or downloads malware (malicious software) to your device. If the victim calls the phone number listed in the smishing text, the victim is prompted to give confidential information to "resolve" the issue.

Common examples of Smishing:

  • A text message claiming to be from your financial institution with a link to "resolve" your account status.
  • A text message claiming to be from Amazon with a link to tracking information or delivery status updates.
  • A text message claiming to be from a political campaign with a link to donate.

It is important to remember unexpected text messages containing links and call to action requests are typically scams. Do not engage. If you have questions and/or concerns, contact the business directly using publicly available contact information.
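The phishing and smishing examples above share one mechanical tell: the destination of the link is not what the message claims it is. The following is an added example, not part of this page, showing how those red flags can be checked programmatically: it pulls the links out of an HTML email body, compares the domain shown in the link text with the domain the link actually points to, looks for brand-name look-alike hosts, raw IP addresses and URL shorteners, and scans a text message for urgency wording and links to domains you do not already deal with. The trusted domain list, the sample messages and the `examplebank.com` brand are all constructed for the example; a production tool would use a public-suffix list rather than the crude last-two-labels domain heuristic used here.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed allow-list: the domains this recipient really does business with.
TRUSTED_DOMAINS = {"examplebank.com", "amazon.com"}

# Pressure language typical of smishing and phishing lures.
URGENCY_WORDS = ("immediately", "suspended", "compromised",
                 "verify now", "act now", "within 24 hours")

SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from an HTML email body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Hostname of a URL; a bare 'example.com/x' is treated as http."""
    return urlparse(url if "://" in url else "http://" + url).hostname or ""


def registrable_domain(host):
    """Last two labels of the host. Crude stand-in for a public-suffix lookup."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def link_flags(href, text):
    """Red flags for one link: shown-vs-real domain, look-alikes, IPs, shorteners."""
    flags = []
    host = host_of(href)
    dom = registrable_domain(host)
    # 1. Link text looks like a URL but names a different domain than the href.
    m = re.search(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", text.lower())
    if m and registrable_domain(m.group(1)) != dom:
        flags.append(f"display domain {m.group(1)} != link domain {host}")
    # 2. A trusted brand name appears in the host, but it is not the trusted domain.
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]
        if brand in host and dom != trusted:
            flags.append(f"lookalike host {host} for {trusted}")
    # 3. Raw IP address or a URL shortener hides the real destination.
    if re.fullmatch(r"\d{1,3}(?:\.\d{1,3}){3}", host):
        flags.append(f"raw IP host {host}")
    if dom in SHORTENERS:
        flags.append(f"URL shortener {host}")
    return flags


def analyze_email(html_body):
    """Return the list of red flags found across all links in an HTML email."""
    parser = LinkExtractor()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        findings.extend(link_flags(href, text))
    return findings


def analyze_sms(text):
    """Return red flags for a text message: urgency cues and untrusted links."""
    findings = []
    low = text.lower()
    for word in URGENCY_WORDS:
        if word in low:
            findings.append(f"urgency cue '{word}'")
    for url in re.findall(r"(?:https?://)?[a-z0-9.-]+\.[a-z]{2,}(?:/\S*)?", low):
        host = host_of(url)
        if registrable_domain(host) not in TRUSTED_DOMAINS:
            findings.append(f"link to untrusted domain {host}")
        findings.extend(link_flags(url, ""))
    return findings


# Constructed samples (not real messages).
PHISH_EMAIL = ('<p>Your account has been compromised. Click '
               '<a href="http://198.51.100.7/secure">https://www.examplebank.com/secure</a>'
               ' to secure it.</p>')
LEGIT_EMAIL = '<p>Statements are at <a href="https://www.examplebank.com/">examplebank.com</a>.</p>'
PHISH_SMS = ("ExampleBank alert: your account has been suspended. "
             "Verify now at http://examplebank-secure.co/login")

if __name__ == "__main__":
    for label, result in (("phish email", analyze_email(PHISH_EMAIL)),
                          ("legit email", analyze_email(LEGIT_EMAIL)),
                          ("phish sms", analyze_sms(PHISH_SMS))):
        print(label, "->", result or "no flags")
```

The shown-versus-real domain check is the single most useful one: a legitimate email from examplebank.com has no reason to route "www.examplebank.com" through an IP address or a third-party host. None of these checks proves a message is safe, which is why the advice above still applies: verify through contact details you already have, never through the message itself.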


What is Vishing?

Vishing is voice phishing, conducted by phone. These calls are centered on gaining access to financial information and may use spoofed caller ID, so the number displayed may appear to be from the local community or even from your actual financial institution. Caller ID proves nothing about who is really calling.

Common examples of Vishing:

  • An unsolicited call from what appears to be your financial institution or a large company such as Amazon or Apple, where the caller ID shows a number belonging to the company the caller claims to represent.
  • Any unsolicited call that asks for sensitive information (passwords, one-time codes, card numbers) or demands immediate payment is very likely a scam.
  • Do not engage with the caller and do not provide any information.
  • Hang up and verify the request by calling the business back on a number you obtained independently, such as the one on your card, statement or the company's official website.

Guiding Principles for Fraud Prevention

Review the tips below to prevent becoming a victim of a Social Engineering attack.

Directly verify with trusted sources

Research the offer, verify with trusted sources, and seek second opinions from friends, family, or neighbors.

Avoid pressure and think carefully

Resist pressure, take your time, and don’t be afraid to say “no” before sharing sensitive information or making payments.

Be aware of red flags

Observe the situation, and if something feels off, end the conversation without sharing any private information. Urgency, secrecy, requests for unusual payment methods, and an unexpected message that contains a link or a callback number are all warning signs.