Online Banking

How To Protect Yourself From Social Engineering


Social engineering attacks are becoming increasingly common in today’s society. Being a victim of a social engineering attack can be very harmful to you, potentially exposing your personal information, negatively impacting your finances, and harming your mental health. Scammers are becoming increasingly sophisticated as new technologies allow them to manipulate victims in even more convincing scams than ever before. 

It’s important to educate yourself on social engineering and social engineering prevention tactics to best protect yourself. As current social engineering attack strategies change, keeping up-to-date on new tactics is important.

In this article, we’ve included a general definition of social engineering and what to look out for to avoid being a victim. For more information on social engineering and how you can protect yourself, visit our fraud and identity theft FAQs.

If you are concerned about a banking-related social engineering attack or think your information has been compromised, contact Arkansas Federal Credit Union to secure your account. 

What Is Social Engineering?

Social engineering is a tactic of manipulating, influencing, or deceiving someone, either in-person or online, in order to gain control over their computer system or access to their personal or financial information.

A social engineering attack can appear in a variety of forms. It’s important to always be on your guard, especially when it comes to your personal and financial information. 

Types of Social Engineering Attacks

There are a lot of different types of social engineering attacks. These are a few of the most common types. It’s important to always stay alert because social engineering tactics are evolving every day.


Baiting is a physical form of social engineering. With this technique, something physical is used to spread malware onto your device or network. 

For example, someone could leave a USB drive containing malware. If you were to put the device into your computer or anything connected to your computer network, the malware would transfer to your computer. 

Another common type of baiting uses charging stations in high-traffic areas that install harmful software onto your computer or extract personal information while your device is plugged into a seemingly harmless free charging station. These can be both charging stations installed by scammers as well as charging stations provided by legitimate authorities, such as an airport, that scammers have manipulated.


Pretexting is when a person uses a pretext to gain your attention and convince you to provide information. A common example of pretexting is if someone were to use an internet survey that starts by asking simple questions and leads into asking you about your banking information.

Pretexting is intended to lull you into a sense of security and convince you to give up sensitive information because you’re already in the mindset of answering questions.


Phishing uses emails that are pretending to be from a trusted source asking for personal information. This could be an email that appears to be from your bank asking you to confirm the security information that actually leads you to a fake site that logs your responses.

If you are ever worried about a suspicious contact from Arkansas Federal, you should go directly to our website to check on your account or call your local branch to ask about the email.

Spear phishing is a specific type of phishing that targets a single person. This is more common when trying to gain business information. The person being targeted usually gets an email that appears to be from a higher-level executive asking for confidential information.

Vishing and smishing are forms of phishing that take place over the phone or over text.

Quid Pro Quo

In a quid pro quo attack, the perpetrator will try to convince you that you are getting something in return for the data that you’re giving them.

Usually, in these attacks, you won’t actually get anything from the information, but they will gain a lot more than they told you from your information. Sometimes scammers will ask you to buy them a gift card that they will pay you back for, only to rescind their agreement and leave you without anything in return.

Contact Spamming and Email Hacking

Contact spamming and email hacking involve hacking into an individual’s email or social media account in order to gain access to their contacts. The contacts may be told that the individual who’s been hacked is in need of money, or they may be sent malware disguised as a normal link. 

Emerging AI Voice Scams

AI voice scams are a newer form of social engineering attack that is still evolving. Scammers use AI to replicate the voice of a friend or loved one and claim that they’re in trouble and in need of money to be sent to them.

How To Prevent Social Engineering

There is no guaranteed way to protect yourself from social engineering, but there are things you can do to make yourself less vulnerable to an attack.  

Check the Source

It’s always a good idea to check the source of someone asking for your information. You should think about where the communication is coming from. Always read email headers to make sure they seem legitimate. 

You should also make it a habit to check link addresses before opening them by hovering over the link with your mouse to use your computer’s link preview mode. 

Incorrect spelling is another tell-tale sign of a scam. Your bank is unlikely to send you an email asking for personal information with spelling errors. The same goes for incorrectly aligned or low-quality graphics and logos.

Be Suspicious

Always be suspicious of individuals asking you for personal information. They’re likely looking to gain something from this information. If anything makes you feel uneasy or uncomfortable, you should ask for more information, verifying their validity before giving your information to them.

Know Procedures

It’s important to think through what an organization or person would or wouldn’t do and ways that they wouldn’t contact you.

For example, banks always ask for your security questions before starting or allowing any account changes. 

If you get contacted about a “friend” being stranded and needing money, think about how your friend interacts. Is it likely that they’d email you about this, or are they more likely to call or text you?

Take Your Time

Social engineering attacks prey on people’s natural instincts and quick reactions. If you receive any suspicious emails or messages, it’s important to take a breath and think about it before clicking on the link or giving out any of your personal information.

Secure Your Devices

Keeping your devices safe is a very important step in protecting yourself. You should always have antivirus software running on your computer, and you should make sure that you keep it up to date.

Use Strong Passwords

You should always use unique passwords for each account and, when available, use 2-factor authentication, especially for more sensitive accounts. Having strong and unique passwords helps you stay secure. If one account is compromised, your other accounts shouldn’t be at risk if all of your accounts have different, unique, and hard-to-crack passwords.

Stay Informed

Social engineering tactics are constantly changing and evolving. In order to defend against them, it’s important to stay informed of cybersecurity risks and social engineering trends so you can know what to look out for.

What To Do If You Think You’ve Been A Victim of Social Engineering

If you think you’ve been a victim of a social engineering attack and that your personal information is at risk, it’s important to act quickly. The first step in protecting yourself is to change all of your account passwords. Even if only one account has been compromised, changing all your passwords is a good idea. Accounts may be connected or share information that you might not realize.

It’s a good idea to contact your financial institution and monitor your account activity yourself. If your bank is aware of a potential problem, they can help you watch for and catch any fraudulent activity.

Filing a report with the police may be necessary. Depending on the type of information that was compromised, especially if it was financial, you may need to involve the police. Contacting the police might seem scary, but it can help protect you and can help prevent others from becoming victims.

Protect Your Personal Information

Social engineering attacks are widespread and dangerous. Anyone can be a victim of these attacks. Protecting yourself and always being careful with your personal information is important.

You should know that Arkansas Federal will never ask you to provide any personal information in an unsecured format.

If you think you’ve been contacted in a fraudulent manner, you can contact Arkansas Federal today to verify the information.

Get Started Now. It's Easy!

We make it easy to get started. Have questions and want to talk? We're here for you.
Call us at 800.456.3000 or visit your local branch.