Skip to main content

Social Engineering

What is social engineering?

Social engineering is using manipulation to compel people to divulge confidential information. Often times it refers to using that information or manipulation to gain access to or exploit a computer system.

What is a social engineering audit?

Credit Union Consulting employs the same methods as hackers and scammers, but in a controlled environment to glean confidential information from your credit union. We will do this by exploiting weaknesses in our information technology security and preparedness of your employees.

How does social engineering affect a credit union?

Since most credit unions now have firewalls that make it extremely unlikely that an attack will originate purely from outside the credit union's network, hackers will resort to gaining inside information or access to achieve their goals. They will use the techniques of social engineering to get the access and information they need to access the credit unions network and computer systems or to obtain confidential information. Other hackers will use the access just to be disruptive to normal business.

What are the techniques of social engineering that are used against credit unions?

Some common techniques are listed below:

Pretexting - usually involves calling an employee with a fictitious scenario concocted to gain trust and information

Phishing - often this technique uses legitimate appearing email to trick credit union employees into performing actions like entering information into bogus websites.

Spoofing - this is attack is sometimes used in coordination with phishing. The attacker exploits flaws in the credit union's email security to send legitimate appearing email to credit union employees with the goal of compelling them to divulge information.

Baiting - normally involves leaving some type of storage or media device where a credit union employee will find it with the hope that the victim insets it into their computer and thereby downloading a Trojan or virus onto the system.

Quid pro quo - an attacker calls the credit union pretending to be from the credit union's technology vendor and tries to find someone that had a legitimate problem that will then unknowingly grant them system access. Sometimes, the attackers use customer surveys and the promise of gifts for participating to get information.

What can a credit union do to combat social engineering?

The most important defense is to take a strategic layered approach to information technology security. The more layers you have in place, the more information a hackers needs to gain access. Security layers combat the weaknesses that employees inject into the situation. Secondly, credit unions need to test and train their employees using social engineering audits.

Click to learn more about implementing a layered security approach.

If you would like more information about social engineering audits, contact us at:

Paul Elder 614-848-5400 ext 121 or email Paul
Larry Krietemeyer 614-848-5400 ext 143 or email Larry

See how we rate with other credit unions for yourself. We would love to work with you!
Menu structure for mobile devices