Social engineering is the act of manipulating people into performing actions or divulging confidential information. While similar to a confidence trick or simple fraud, the term typically applies to trickery or deception for the purpose of information gathering, fraud or computer system access; in most cases, the attacker never comes face-to-face with the victim.

• Pretexting is the act of creating and using an invented scenario (the pretext) to persuade a targeted victim to release information or perform an action and is typically done over the telephone. It is more than a simple lie as it most often involves some prior research or set-up and the use of pieces of known information (e.g. for impersonation: date of birth, Social Security Number, last bill amount) to establish legitimacy in the mind of the target.
• Phishing is a technique of fraudulently obtaining private information. Typically, the phisher sends an e-mail that appears to come from a legitimate business—a bank or credit card company—requesting "verification" of information and warning of some dire consequence if it is not provided. The e-mail usually contains a link to a fraudulent web page that seems legitimate—with company logos and content—and has a form requesting everything from a home address to an ATM card's PIN.
• Phone-phishing or Vishing uses a rogue Interactive voice response (IVR) system to recreate a legitimate sounding copy of a bank or other institution's IVR system. The victim is prompted (typically via a phishing e-mail) to call in to the "bank" via a (ideally toll free) number provided in order to "verify" information. A typical system will reject log-ins continually, ensuring the victim enters PINs or passwords multiple times, often disclosing several different passwords. More advanced systems transfer the victim to the attacker posing as a customer service agent for further questioning.
• Baiting is like the real-world Trojan Horse that uses physical media and relies on the curiosity or greed of the victim. In this attack, the attacker leaves a malware infected floppy disk, CD ROM or USB flash drive in a location sure to be found (bathroom, elevator, sidewalk, parking lot), gives it a legitimate looking and curiosity-piquing label, and simply waits for the victim to use the device.
• Quid pro quo means something for something: An attacker calls random numbers at a company claiming to be calling back from technical support. Eventually they will hit someone with a legitimate problem, grateful that someone is calling back to help them. The attacker will "help" solve the problem and in the process have the user type commands that give the attacker access or launch malware. For example, an information security survey revealed that 90% of office workers gave researchers what they claimed was their password in answer to a survey question in exchange for an inexpensive pen. Similar surveys in later years obtained similar results using chocolates and other inexpensive lures, although they made no attempt to validate the callers.
• Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. As with the e-mail messages used in regular phishing expeditions, spear phishing messages appear to come from a trusted source. Phishing messages usually appear to come from a large and well-known company or website with a broad membership base, such as eBay or PayPal. In the case of spear phishing, however, the apparent source of the e-mail is likely to be an individual within the recipient's own company and generally someone in a position of authority.

Awareness is an effective weapon against many forms of identity theft. Be aware of how information is stolen and what you can do to protect yours, monitor your personal information to uncover any problems quickly and know what to do when you suspect your identity has been stolen.

Armed with the knowledge of how to protect yourself and take action, you can make social engineering thieves' jobs much more difficult. You can also help fight social engineering by educating your friends, family and members of your community.

Here are some tips on how to fight a social engineering call attempt:

• Ask the requestor which company he/she works for;
• Question why he/she needs your confidential information;
• Take down the caller information and call the company to double check;
• Be careful not to disclose your Social Security number, birth date, PIN, credit card, etc. numbers to strangers.

Cathay Bank does not request confidential information from customers via e-mail or pop-up windows. In addition, Cathay Bank will never ask you for your password. You should safeguard and not share your password with anyone.

Ask you for personal information. Fraudulent e-mails often claim that your information or account has been compromised and ask you to confirm the authenticity of your transactions.

Appear to come from a legitimate source. While some e-mails are easily identified as fraudulent, others may appear to come from a legitimate address and a trusted website. Never rely on the name or address in the "From" field, as this is easily altered.

Prizes. Some fraudulent e-mails promise a prize or gift certificate if you complete a survey that may ask for your personal information. It is best to not give your personal information. If you decide to provide any information, always confirm that the prize or gift certificate is being issued from a well-known company.

Link to fraudulent websites. Fraudulent e-mails may direct you to counterfeit websites carefully designed to look legitimate, but which actually collect personal information for fraudulent use.

Contain computer viruses. Fraudulent e-mails may include attachments that contain computer viruses.

Contain fraudulent phone numbers. Fraudulent e-mails often contain telephone numbers that are tied to the fraudsters. You should never call a number featured on an e-mail you suspect is fraudulent.

It is fairly common and easy for criminals to steal company logos and generate fake business e-mails, coercing the victims to disclose their online credentials. If you believe you have just received such a suspicious e-mail, you can call us at our customer service number 800-922-8429 to confirm before responding.

Cathay Bank may send promotional product information to our customers via e-mail occasionally but we do not request non-public information from customers via e-mail or pop-up windows.

If you encounter a suspicious e-mail, website or unsolicited pop-up window that claims affiliation with Cathay Bank, please report it to us immediately at 800-922-8429. You may also forward the information to us at [email protected].

If you do not have a banking relationship with us, we will not inquire about your personal or confidential information via e-mail or pop-up windows. You should consider the intent of such e-mail as an attempt to collect your personal or confidential information to conduct identity theft.

If you encounter a suspicious e-mail, website or unsolicited pop-up window that claims affiliation with Cathay Bank, please report it to us immediately at 800-922-8429. You may also forward the information to us at [email protected].

Identity theft occurs when someone uses your personally identifying information, like your name, Social Security number, or credit card number without your permission to commit fraud or other crimes.

• How do thieves steal identity?
• How can you find out if your identity was stolen?
• What can you do to protect yourself from identity theft and other fraudulent activity?

Should you receive a letter and check in the mail that is similar to those described above, do not cash or deposit the check into your bank account. If you have already cashed or deposited this check, you should immediately contact your bank/branch and inform them that the check is counterfeit. If you are a victim of these scams, you should contact your local police department for further instructions.

We may place “cookies” on a computer to track a visitor’s use of our website. A cookie is a piece of data that is stored on your hard drive. It takes up very little space on your system and helps us to customize our site and make its navigation easier for you. We sometimes use cookies to help estimate the number of visitors to our site and to determine which areas are the most popular. Unless you register with us for a service (such as our Online Banking Service), the cookie does not provide us with any personally identifying information about you, such as your name or address.  

Visit our Collection and sharing of nonpublic personal information page.