CitiDirect Online Banking Takes a Look at Social Engineering
In the online world, social engineering is lingo for tricking someone into revealing information about themselves that may help uncover his or her password. Most of us are aware that it is never a good idea to give your password out to anyone, especially someone you don’t know. But, did you know that a form of social engineering is making its way into every day life?
Consider this scenario, you receive a call* from someone claiming to be from Citibank – telling you about a demonstration they’ll be conducting in a local hotel. They ask for your contact information – address, e-mail, etc. – as well as the names of other colleagues who might be interested. Seems innocuous enough.
But the truth is that today – there’s a good chance that person might not be from Citibank. They could be from a list company trying to build a database of high profile business people, or even be working toward a more unsavory end – setting up some sort of scam.
As we set off on a new year, we thought this might be a good opportunity to remind you that just as you would never share your PIN or password with anyone, you should really consider not providing contact information to a person you don’t know. Simply ask them to identify themselves – first name and last – and ask for a callback number. Then, call your regular contact at Citibank to verify that the person is who they say they are.
In fact, you should take this course of action with all your vendors. Here’s to a happy and social-engineering-free new year.
*Please note that scams like the example above can also be sent via e-mail. |