vote online at www.bankwindhoek.com.na. *SMSs charged at normal rate. #392. Advice on how to avoid social engineering pi
#392
Advice on how to avoid social engineering pitfalls Social engineering is the act of attempting to manipulate an individual to perform certain actions or divulging sensitive information. It is a common technique among cyber attackers and identity thieves to get people to divulge information that should be safeguarded by pretending to be a trusted source such as a bank employee. It is successfully used because it can be easier to trick someone to divulge confidential personal information than to get through protective technological controls and fire-walls. Attackers have been known to "name drop" important figures in an attempt to intimidate the individual and to create a sense of urgency for an immediate response to the request.
Johnny Truter Manager Forensic Services
Common examples of social engineering include: • You receive a fraudulent phishing email that claims to be from your bank. The email includes a link to a phony web site that asks for your online banking ID and password. It could further request you to reply with your login details. • Telephone phishing: You receive a phone call from a caller who claims to be from your bank and suggests that there is a problem with your computer or user account. They may even ask for your username and password under the promise to rectify the problem to save you from any further discomfort. Phishing is the act of fraudulently trying to obtain sensitive information such as user accounts, passwords and credit card information by pretending to be a trusted entity in an electronic communication such as an email. Characteristics of phishing: • The message is designed to invoke a sense of urgency in the recipient. • The content often has misspellings and grammatical errors. • The message often claims to be from a bank, technical support, social media or other legitimate business. • The site that is linked to the message, asks for an ID and password. • The message asks you to update certain personal information. • The message has an unusual "from" address. • The URL that is listed doesn't match the official URL of the organisation. • Hovering the cursor over an email address or URL in the text of the mail will show the true address or URL. Fraudsters are known to mask these to make it look authentic. • The message is not personalized. DO: • Question unsolicited messages. • Use common sense when opening emails and answering phone calls. • Report suspicious phone calls or emails to Bank Windhoek’s Forensic department • Verify the identity of anyone before providing any information to them. • If in doubt about an email or phone call, contact the organization using the phone number that is provided on the official web site or telephone directory, not the number in the suspicious email. • Shred sensitive information instead of putting it in the trash. DO NOT: • Divulge any information over the phone until you have validated the caller’s identity. • Respond to an unsolicited email. • Give your password to anyone. • Provide sensitive information without the proper approval. • Open attachments, or click on links from untrusted or unknown senders. • Open emails from an unknown sender. • Click on suspicious links in work or personal emails. Bank Windhoek will never call or email you and ask for information such as your password or login details. If you suspect that someone is attempting to gain access to your personal information kindly email our department at:
[email protected] or call 061 299 1200 for immediate assistance. 0% No
Win N$1000 in our Opinion Poll Will you be able to spot a phishing scam?
SMS the number “1” followed by “yes” or “no” to 987 or email:
[email protected] or vote online at www.bankwindhoek.com.na *SMSs charged at normal rate
Does Bank Windhoek believe in building long lasting relations with our customers and stakeholders? 100% Yes
Monica K. Petrus is the lucky winner in the Money Matters Issue 391 poll draw.
