Social Engineering Scams
Protect Yourself from Social Engineering Scams
“Social engineering” is a common technique where scammers adopt fake personas pretending to represent First Fed or other companies you have an account with. By mentioning our company name, scammers are hoping to convince you their outreach is trustworthy, so they can trick you into compromising your private information.
Common Themes Social Engineers Use to Initiate a Scam
Scams come in a variety of forms but are generally designed to convey a sense of urgency so the recipient will act quickly out of fear.
- Tech support: Scammers might pretend to be from the First Fed IT team, saying there is a problem with your account and that they need your password to reset it. They may ask you to answer security questions or ask you for your one-time or temporary password. If you give them your security answers or even your one-time password, the fraudster may be able to access your account and withdraw funds.
  - Please keep your username and password private at all times.
  - Friendly Reminder: First Fed team members will never call, text, or email you to ask for your password or online banking login information.
- Payment past-due: A scammer may claim you have an overdue bill or late payment and ask for your account information to resolve the matter. They are relying on your desire to resolve the situation quickly rather than taking the time to contact the company directly about your account.
- Loan eligibility: Scammers might pretend that you have been approved for a loan. This is a big red flag if you haven’t recently applied for that loan.
- Government program eligibility: Scammers may pretend that they are there to help you with pandemic relief or other government programs. While legitimate government programs exist, the best course of action is to contact our branch teams or Customer Service to learn more.
Common Tactics Used by Social Engineers
These types of scams can be initiated through any form of communication, including email, phone, or text message. Here are some of the most common techniques:
- Phishing: Scammers use fake email accounts, made to look like a company you have an account with, in order to gather information from you.
- Vishing: Spam calls and voicemails. Often, vishing calls try to create a sense of urgency, so you will act quickly without thinking. If you answer the vishing call, the scammers could be recording your voice to use against you.
- Smishing (SMS): Scammers may send text messages pretending to be from a bank or company. Beware of links in text messages if you aren’t 100% sure of the sender.
- Social Media: Scammers might create a new account pretending to be our bank and try to connect with you via direct messaging.
- Direct mail: Outreach through physical mail is more expensive and therefore less common.
With any of these, it is important to take time to review the communication carefully before deciding whether to respond, disregard, or call the company directly.
Tips for When You Receive a Suspicious Call or Message
If the person is putting pressure on you for immediate action, that may be a red flag. Even if the matter is presented as urgent, there is always enough time to stop the conversation and call the bank or business at their direct line to verify the account situation or special offer.
- Is the caller calling about an account situation you are familiar with? If they are calling about a new issue with your account, that is often a red flag. You should hang up, log in to your account, and/or call Customer Service directly.
- Is the caller asking for your password, or offering to help you reset your password? You should NEVER give out your password or temporary password under any circumstances. Likewise, do not give the answers to your security questions to someone calling you. If a caller asks you for that information, you should hang up.
- Don’t trust caller ID, as names and numbers can be spoofed. If you are concerned about account security, call Customer Service directly using the number on the company’s website.
- Does the email address match the company website? Email addresses can be “spoofed” or faked to look like they are from a company when they are actually coming from a scammer. You can test the email by hovering over the email address to see if the “reply-to” email domain matches the company website.
- Does it have good grammar and spelling? Scammers are hoping to catch people who are not paying attention and might be easier to trick.
- Ask yourself: Do you even have the type of account mentioned? Or did you initiate the action? For example, did you request a password reset before receiving a related email?
- Avoid clicking on files, which may download viruses. Avoid clicking on links or calling the number in the email. Instead, open a browser window and visit the company website to log in to your account directly.
- Did you sign up to receive text messages from this company?
- Is the text one you were expecting? (For example, an appointment confirmation, or a 2-factor code to log in to your account.)
- Do not respond to text messages with personal information, and never text your password.
- Avoid clicking on links in text messages.
- Below are examples of fraudulent text messages sent by scammers to customers in September 2023:
Social Media Message:
- Beware of direct messages that initiate a conversation with you. Social media accounts can be easily spoofed. If you message a company on social media, verify that the social media account is the same one they have linked to on their website.
- Never give out your password or personal account information on social media.
Data Privacy Best Practices
It takes vigilance to keep your personal information secure. Following the tips and best practices in this article will help you keep your personal data private. To recap:
- Keep your username and password private at all times.
- First Fed team members will NEVER ask for your password, even a temporary one.
- Make sure you are dialing the number on the bank website or on your debit card. Only provide personal information if you call the bank directly.
- Avoid clicking on links or downloading files in emails.
- Turn on 2-factor authentication on your account to make access to online banking more secure.