Social engineering is the act of influencing people to reveal confidential or personal information in order to gather even
further information or gain illegal access to a system and the information inside that system for the end purpose of committing
There are several types of social engineering, the most common of which are pretexting (use of invented scenarios), baiting
(use of a free item to attract victims), quid pro quo (similar to baiting but uses a service instead of an item), tailgating (or
"piggybacking" - gaining access to a restricted area by closely following someone who has legitimate access) and phishing.
Phishing refers to fraudulent emails sent by syndicates to customers with the message that their China Bank Online account is
either locked or suspended, or that the system has been upgraded, and that customers have to unlock or reactivate their accounts by clicking
on a link provided. Once customers click on the link, they are led to a site that asks them to input their user names and passwords,
which the syndicate then uses to make unauthorized transfers from the account.
The best way to protect yourself against social engineering is to always be AWARE.
Ask yourself first before you post anything on social networking sites―birthdays, addresses,
contact numbers, family, job, schedules, travels, location, affiliations, "likes" or anything that can be used for identity theft,
whereabouts tracking or fraud perpetration.
Watch out for unexpected/unexplained/unusual calls or emails. Confirm the authenticity of anyone with
whom you communicate―get the contact number from your card, statement, etc., and be wary of the information you share.
Always check your privacy settings on social networking sites.
Refrain from clicking on links embedded in emails and be particularly conscious of embedded links,
emails or text messages that ask for password verification.
Ensure that your personal information is disclosed only to those with whom you intend to share
it―people or organizations that legitimately require this information.