How to Stay Safe from Social Engineering

The FBI is alerting everyone about how cybercriminals are using social engineering to hack into financial, corporate, and network accounts. Recently observed social engineering techniques used by cybercriminals to target victims include:

• Impersonating Employees: Cybercriminals pretend to be company employees to trick IT or helpdesk staff into giving them access to a company's network.
• SIM Swapping: They convince phone companies to transfer a victim's phone number to a SIM card they control. This lets them bypass security and access the victim's accounts.
• Call Forwarding and Simultaneous Ring: They forward a victim's calls to their own phone or set it up so both phones ring when someone calls the victim. This helps them bypass security measures like SIM swapping.
• Phishing: Cybercriminals pretend to be trusted institutions to get victims to give them personal info like passwords or account numbers.

To Protect Yourself:

• Don't Give Out Personal Info: Don't respond to calls or messages asking for passwords or other personal info.
• Secure Your Phone: Set a strong password for your voicemail and ask your phone company to block SIM changes and call forwarding.
• Keep an Eye on Your Accounts: Check your phone provider's account page regularly for any strange activity.
• Be Careful Online: Don't share personal info like your phone number or address online.
• Use Strong Passwords: Make sure your passwords are long and unique.

For Businesses:

• Add Email Labels: Label emails from outside your company to spot potential scams.
• Secure Employee Devices: Stop SIM changes and call forwarding for employee phones and watch for suspicious activity on company accounts.
• TrainYour Staff: Teach your employees about social engineering and phishing scams.

Reporting Fraud:

If you've fallen victim to social engineering, and your personal information has been compromised:

• Contact your account providers immediately to regain control of your accounts, change passwords, and place alerts on your accounts for suspicious login attempts and/or transactions.
• Report the activity in as much detail as possible to the FBI's Internet Crime Complaint Center at www.ic3.gov.