Social Engineering: Protect Yourself from Fraud

Today, most people know to be skeptical of emails from princes of distant countries. However, these scams persist, and still succeed, due to social engineering.

Social engineering refers to scams that exploit human emotions and behaviors. In these scams, fraudsters create a scenario that will exploit someone if they have a predictable—even normal—response, and tricks them into giving up sensitive information or money. According to a 2023 Purple Sec survey, 98% of cyber-attacks involved social engineering. A 2020 survey found that 50% of successful data breaches also involved social engineering and phishing.

A common social engineering scam seen today is a fake job offer. In this scam, a person is offered a position at a company—and in order to accept the position, they must provide their social security number for a background check and their bank account information for their direct deposit. Typically, all of the “conversations” and “interviews” are done via email or a text-based app, which is a red flag, but the promise of a steady, high income job with no experience necessary is too enticing to pass up. However, there are a lot of scams out there. Keep reading for more information on some of the most common and how to avoid them.

Pretexting Scams

In a pretexting scam, scammers create a realistic scenario that gives more validity of the offer/event—using pretext. Scammers impersonate authoritative figures, like government officials or bank employees, to intimidate victims into revealing sensitive information. This scam is incredibly common during tax season, where scammers will pretend to be the IRS and claim you have unpaid taxes, calculated your taxes incorrectly and owe—and if you don’t pay immediately, you’ll be arrested—or worse.

If you ever receive a phone call, email, text message, or even a direct message on social media, always verify the contact details of any organization before disclosing personal information. The best option is to reach out to the organization in question directly—instead of responding. For example, if they’re pretending to be your bank, call your bank back via the number on the back of your debit card—even if the caller ID matches.

Honeytrap Scams

Common on dating apps, honeytrap scams involve fraudsters developing fake romantic relationships with their target to extort money. These scams can span weeks or even months, and usually have gradually increasing monetary asks.

These scams often include some sort of sad backstory—such as a military member left behind by their unit on deployment—and they can’t come home to meet you without money for a plane ticket.

Online dating is a great way to meet new people, but date safely. Never share personal information like bank account or social security numbers. And, never send money to anyone you have only chatted with online or on the phone. When meeting an online connection, take your time in getting to know the person. Ask lots of questions and proceed with caution.

Quid pro quo

In this scam, victims are tricked into providing personal access or information in exchange for a supposed benefit.

Have you ever seen a popup while browsing the web that says your computer has malware—but, if you click here right now you’ll get the help you need for a low price? This is a common quid pro quo fraud called a tech support scam. In these scams, the scammers will often get you to pay for the services (getting your credit card information) and gain access to your computer—which gives them access to your personal data as well.

Baiting

Have you ever seen something online that looks too good to be true? If you click on a shady email or pop-up ad, it can result in a virus being installed on your computer and recording your keystrokes. This can give a hacker access to your passwords or other private information. 

Common examples seen today are ads for a lottery, sweepstakes, or a product that promises to change your life. Whatever it is—don’t click on it. They’re often designed to download the malware immediately—which means you’ll need to then get real tech support to fix the issue.

If you do click accidentally, do not log into any of your private accounts through that device until you have confirmed the viruses or malware have been removed. Once they’ve been removed, you will also want to update all of your passwords—even for social media sites. In fact, in some instances, scammers will log in to victims social accounts to perform other social engineering scams against your family and friends.

Disabling popups on your browsers, utilizing anti-virus software, and only visiting well-known sites can help you avoid these scams.

What to do if you’ve fallen for a scam

If you have fallen for a scam, report it to the following government organizations:

• gov
• Federal Trade Commission
• FBI’s Internet Crime Complaint Center
• For scams specific to Social Security benefits, report them to the Social Security Administration

Even if you didn’t fall for a scam, but were just targeted by one, reporting it can help protect others.

What to do next

Being aware that scams exist is only part of the way you can keep yourself safe—being proactive can help minimize your risk of becoming a target in the first place:

• Enable Two-Factor Authentication (2FA). Two-factor authentication adds a second form of verification to the login process, beyond your username and password, and is available on most online accounts.
• Be careful on public Wi-Fi. Avoid accessing sensitive accounts on public networks—you never know who is using, or owns, that network.
• Monitor your credit. And, if you believe your identity or private information has been compromised, place a Credit Freeze to protect against unauthorized credit or loan applications in your name.

And remember: your bank will never ask for your personal information, including your account number, social security number, username, password, PIN, address, or one-time banking codes in a call, text, or email. Do not respond to unsolicited messages asking you for this information and do not click on any suspicious links until you have verified the sender.