Phishing & Social Engineering

About Phishing & Social Engineering

Phishing is a cybercrime in which a target or targets are contacted by email, telephone, or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking, and credit card details and passwords. Social engineering on the other hand is a tactic used by cybercriminals to manipulate individuals into divulging sensitive information or performing actions that compromise security. Instead of relying on technical vulnerabilities, social engineering exploits human psychology and trust to deceive individuals into providing access to confidential information or systems.

The information illegally procured by both phishing and social engineering is then used to access essential accounts, resulting in identity theft and financial loss.

Helpful Tips on Identifying Phishing emails

Bad spelling and grammar in the text of the email.
Have a sense of urgency. Hackers word emails to include a sense of urgency to make you react quickly, reducing your time to think and realize the scam.
Be suspicious of emails that ask for your personal information
First-Citizens Bank and most other companies will never ask for your credentials via email.
Please hover over the link before clicking on it to ensure it’s taking you where it says it will take you. Check the website: Is it HTTP or HTTPS? Is it spelled correctly? Is it the company’s website? Some links may be legitimate so make sure you check them all
If you click the link and are unsure if it is accurate or fake, try a fake password first. If it appears you have signed in, then you are probably on a phishing site.

Helpful Tips on avoiding falling victim to social engineering:

Be suspicious of people you don’t know who ask for sensitive information:

Always maintain a healthy sense of scepticism when dealing with unknown individuals, especially if they ask for any internal or sensitive information. Remain on guard and verify the identity of any person making an unsolicited request before you provide information by phone, email, or in person.

Avoid posting and sharing personal information on social media platforms:

Such as names, phone numbers, addresses, school and work locations, and other sensitive information as text or in a photo.

Use multifactor authentication where applicable:

One of the most valuable pieces of information attackers seek are user credentials. Using multifactor authentication helps ensure your account’s protection in the event of system compromise

Command	What it does
BAL	Retrieve balance for default account
BAL <Insert Nickname> For Example: BAL Sav1	Retrieve balance on a registered account using account nickname
BAL ALL	Retrieve balance for all registered account
HIST	Retrieve list of the 10 most recent transactions posted on default registered account
HIST <Insert Nickname> For Example: HIST Sav1	Retrieve list of the 10 most recent transactions posted on a registered account using a nickname
HIST d, from <date> to <date> For Example: HIST d, from 04-05-2020 to 06-05-2020	Retrieve list of posted transactions on default registered account with date range specified, (maximum of 10 transactions)
HIST <nickname> d, from <date> to <date> For Example: HIST Sav1 d, from 04-05-2020 to 06-05-2020	Retrieve list of posted transactions on a registered account using account nickname, within the date range specified,(maximum of 10 transactions)
HIST c, from <low cheque number > to <high cheque number> For Example: Hist c, from 200 to 205	Retrieve list of posted cheques on your default registered account, within the cheque range number range specified
HIST <nickname> c, from <low cheque number > to <high cheque number> For Example: Hist Chq1 c, from 200 to 205	Retrieve list of the posted cheques on your registered account, with a nickname, within the cheque number range specified
RTRA	Retrieve list of the 3 most recent posted transfers from your default registered account
RTRA <nickname> For Example: RTRA sav1	Retrieve a list of the 3 most recent posted transfers from your registered account with a nickname
RTRA ALL	Retrieve a list of the 3 most recent posted transfers from all your registered accounts
TRAN <nickname1> <nickname2> Amount For Example: tran ck1 ck2 100	Transfer amount between accounts using nicknames
TRAN <nickname1> <Amount> For Example: tran ck2 500	Transfer amount from the default registered account to the specified registered account using the nickname
TRAN <nickname1> <Amount> <Date> For Example: tran ck2 500 04-10-2020	Transfer amount from the default registered account to the specified registered account with the nickname, for a scheduled future date.
TRAN <nickname1> <nickname2> <Amount> <Date> For Example: tran sav1 ck1 500 04-10-2020	Transfer stated amount from a registered specified nicknamed account to a second registered nicknamed account, for a scheduled future date.
HELP BAL	Retrieve information on the format of the balance commands
HELP TRAN	Retrieve information on the format of the Transfer commands
HELP RTRA	Retrieve information on the format of the Recent Transfers commands
HELP HIST	Retrieve information on the format of the Account History commands
HELP	Retrieve information on the format of the Help command
STOP	Unsubscribe your mobile device from receiving First Citizens SMS Alert messages

Phishing & Social Engineering