Social Engineering

  • Social Engineering

In a social engineering attack, an attacker uses human interaction to manipulate a person into providing sensitive information.  Social engineering attacks attempt to exploit your trust and steal your information.  Once the information is obtained, it is used to commit fraud or identity theft.

Criminals use a variety of social engineering attacks to attempt to steal your information, including:

  • Website Spoofing
  • Phishing


  • Website Spoofing

Website spoofing is the act of creating a fake website to mislead individuals into sharing their sensitive information.  Spoof websites are typically made to look exactly like legitimate websites published by a trusted organization.  Prevention tips include:

  • Pay attention to the web address (URL) of websites.  A website may look legitimate, but the URL may have a variation in spelling or use a different domain.
  • If you are suspicious of a website, close it immediately and contact the company directly.
  • Do not click links on social networking sites, pop-up windows, or non-trusted websites.  Links can take you to a different website than their labels indicate.  Typing an address into your browser is a safer alternative.
  • Avoid using websites when your browser displays certificate errors or warnings.
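
The URL and link-label checks from the tips above can be automated for the links in a message or page. The following is an added example, not part of the original page: `TRUSTED`, `SAMPLE`, the function names and the 0.85 similarity threshold are assumptions chosen for illustration.

```python
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed placeholders: the domains you trust and a sample message body.
TRUSTED = {"examplebank.test"}
SAMPLE = ('<a href="https://www.examplebank.test/login">Sign in</a>'
          '<a href="https://examp1ebank.test/login">www.examplebank.test</a>'
          '<a href="https://examplebank.test.verify.example/">Confirm details</a>')

def host_of(text):
    """Hostname (leading 'www.' dropped) if text is a URL or bare domain, else None."""
    text = text.strip()
    try:
        host = (urlsplit(text if "://" in text else "//" + text).hostname or "").rstrip(".")
    except ValueError:  # malformed input such as an unclosed '[' in the host
        return None
    host = host[4:] if host.startswith("www.") else host
    return host if "." in host and not any(c.isspace() for c in host) else None

def classify(host):
    """'trusted', 'lookalike' (near-miss spelling or trusted name elsewhere), 'unknown'."""
    if any(host == t or host.endswith("." + t) for t in TRUSTED):
        return "trusted"
    for t in TRUSTED:
        if SequenceMatcher(None, host, t).ratio() >= 0.85 or t.split(".")[0] in host:
            return "lookalike"
    return "unknown"

class LinkAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.href, self.label, self.findings = None, [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.label = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self.href is not None:
            self.label.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            shown, dest = host_of("".join(self.label)), host_of(self.href)
            verdict = classify(dest) if dest else "unknown"
            self.findings.append((dest, verdict, bool(shown and dest and shown != dest)))
            self.href = None

def audit(html):
    """Return (destination host, verdict, label/destination mismatch) for each link."""
    parser = LinkAudit()
    parser.feed(html)
    return parser.findings
```

In the sample, the second link shows a trusted address in its label but points at a one-character misspelling, and the third places the trusted name in front of a different domain; both are reported as `lookalike`.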


  • Phishing

Phishing is when an attacker attempts to acquire your personal information by acting as a trustworthy entity in an electronic communication.  Phishing messages often direct the recipient to a spoof website where they are asked to enter sensitive data.  Phishing attacks are carried out in a number of ways, including email, instant messaging, telephone calls, and text messages.  Prevention tips include:

  • Delete emails and text messages that ask you to confirm or provide sensitive data.  Legitimate companies do not ask for sensitive data through email or text messages.
  • Beware of visiting websites that send you an unsolicited message.
  • Even if you feel that the message is legitimate, type the web address into the browser yourself or use a bookmark instead of clicking the link provided.
  • Try to independently verify any details given in the message directly with the company.
  • Use the anti-phishing and spam filtering features of your web browser or email client to block these emails and harmful websites.


  • Report Fraudulent or Suspicious Activity

Contact us immediately if you suspect that you have fallen victim to a social engineering attack and have disclosed sensitive information concerning your Exchange State Bank accounts.

Regularly monitoring your account activity is a good way to detect fraudulent activity. If you notice unauthorized transactions on your account, notify Exchange State Bank immediately.

  • Additional Resources

To learn more about information security visit any of the following websites: