Social engineering is the use of manipulation to compel people to
divulge confidential information. Often it refers to using
that information or manipulation to gain access to or exploit a
Community Banc Consulting of Ohio, Inc. employs the same methods
as hackers and scammers, but in a controlled environment, to glean
confidential information from your community bank. We will do this
by exploiting weaknesses in your information technology security and
in the preparedness of your employees.
Since most community banks now have firewalls that make it
extremely unlikely that an attack will originate purely from
outside the community bank's network, hackers will resort to
gaining inside information or access to achieve their goals. They
will use the techniques of social engineering to get the access and
information they need to reach the bank's network and computer
systems or to obtain confidential information. Other hackers
will use the access just to disrupt normal business.
Some common techniques are listed below:
Pretexting - usually involves calling an
employee with a fictitious scenario concocted to gain trust and
Phishing - often this technique uses legitimate-appearing
email to trick bank employees into performing actions
like entering information into bogus websites.
Spoofing - this attack is sometimes used in
coordination with phishing. The attacker exploits flaws in the
bank's email security to send legitimate-appearing email to bank
employees with the goal of compelling them to divulge
Baiting - normally involves leaving some type
of storage or media device where a bank employee will find it, in
the hope that the victim inserts it into their computer and thereby
downloads a Trojan or virus onto the system.
Quid pro quo - an attacker calls the bank
pretending to be from the bank's technology vendor and tries to
find someone who had a legitimate problem and who will then
unknowingly grant them system access. Sometimes, the attackers use
customer surveys and the promise of gifts for participating to get
The most important defense is to take a strategic, layered
approach to information technology security. The more layers you
have in place, the more information a hacker needs to gain access.
Security layers combat the weaknesses that employees inject into
the situation. Secondly, banks need to test and train their
employees using social engineering audits.
If you would like more information about social engineering
audits, contact us at:
Paul Elder 614-848-3189 ext 121 or email Paul
Larry Krietemeyer 614-848-3189 ext 143 or email Larry