What is social engineering?
Social engineering is the use of manipulation to compel people to divulge confidential information. Often it refers to using that information or manipulation to gain access to or exploit a computer system.
What is a social engineering audit?
Community Banc Consulting, Inc. employs the same methods as hackers and scammers, but in a controlled environment, to glean confidential information from your community bank. We will do this by exploiting weaknesses in your information technology security and the preparedness of your employees.
How does social engineering affect a community bank?
Since most community banks now have firewalls that make it extremely unlikely that an attack will originate purely from outside the community bank's network, hackers will resort to gaining inside information or access to achieve their goals. They will use the techniques of social engineering to get the access and information they need to reach the bank's network and computer systems or to obtain confidential information. Other hackers will use the access just to disrupt normal business.
What are the techniques of social engineering that are used against community banks?
Some common techniques are listed below:
- Pretexting - usually involves calling an employee with a fictitious scenario concocted to gain trust and information.
- Phishing - often this technique uses legitimate-appearing email to trick bank employees into performing actions like entering information into bogus websites.
- Spoofing - this attack is sometimes used in coordination with phishing. The attacker exploits flaws in the bank's email security to send legitimate-appearing email to bank employees with the goal of compelling them to divulge information.
- Baiting - normally involves leaving some type of storage or media device where a bank employee will find it, in the hope that the victim will insert it into their computer and thereby download a Trojan or virus onto the system.
- Quid pro quo - an attacker calls the bank pretending to be from the bank's technology vendor and tries to find someone who had a legitimate problem and will then unknowingly grant them system access. Sometimes the attackers use customer surveys and the promise of gifts for participating to get information.
What can a community bank do to combat social engineering?
The most important defense is to take a strategic, layered approach to information technology security. The more layers you have in place, the more information a hacker needs to gain access. Security layers combat the weaknesses that employees inject into the situation. Secondly, banks need to test and train their employees using social engineering audits.
If you would like more information about social engineering audits, please contact us or call:
- Paul Elder at 614-848-3189 ext. 121
- Larry Krietemeyer at 614-848-3189 ext. 143
The expertise and learning that they bring to the organization are very helpful. Their professionalism, sharing of ideas, and willingness to sit and talk when we want them to are a big help.