Five Keys to Stopping Social Engineers

Date: Oct 3, 2013

The following blog post is a contribution from TriState Capital, a Thought Leaders Council member of the Family Office Exchange.

Early Monday morning an email is sent to you from a client.  He is overseas.  His wallet has been stolen.  He has no way of getting home.  In order to access his account he needs you to give him the password, which he has forgotten.

Your firm prides itself on customer service; it’s what you are known for, and it’s how you’ve managed to develop your stellar reputation. However, you must now ask yourself one simple but important question: Is this request legitimate?

As technology evolves, anti-virus and firewall software grows stronger. Instead of trying to beat these systems, criminals have taken the battle to the keyboard and phone. Every day, thousands of criminals try to manipulate financial institution employees into giving out important client information with the goal of obtaining customer funds. This form of fraud is commonly known as social engineering. Social engineering targets the human element through manipulation and misrepresentation. These are simple tactics to trick you into giving out important and confidential client information.

There are, however, ways to protect your clients and your firm: 

1. Never give out your clients’ personal financial information in response to an unsolicited phone call, fax, or e-mail – no matter how official it may seem.

2. Do not respond to an e-mail warning that a client faces dire consequences unless information is validated immediately. Contact the company to confirm the e-mail’s validity using a telephone number or Web address you know to be genuine.

3. Urge your clients to check their credit card and bank account statements regularly and look for unauthorized transactions, even small ones. Some thieves hope small transactions will go unnoticed. Discrepancies should be reported immediately, as information obtained via these small thefts can be used to create a social engineering profile and perpetrate a scam.

4. Suggest that your clients set up a fraud monitoring service. Some of the services offered include frequent credit score checks, public record surveillance, and enhanced checking and savings account application alerts for certain transactions.

5. Trust, but verify.  No firm wants to offend a client by questioning his or her validity.  But it is important to remember that you are ultimately protecting the client.  

With a properly trained workforce that recognizes social engineering tactics and knows how to take the necessary steps to handle sensitive data requests, keeping social engineers at arm’s length is highly doable.

About Chuck Fawcett

As President of TriState Capital’s Private Bank, Chuck oversees the Relationship Management team. TriState Capital’s Private Bank cultivates relationships with family offices, wealth management firms, and individual high-net-worth clients on a regional and national basis. The Private Bank at TriState Capital also provides lending and deposit services to the executives of the companies TriState Capital serves.