Understanding the emotions behind social engineering scams

PROTECT WHAT MATTERS

Social engineering is a method scammers use to trick people into sharing sensitive information. Here’s how you can protect yourself by understanding the psychology of how they work.

Sometimes it’s a phone call, or maybe a text. It might even look like the official caller ID of a familiar company.

“This is your bank. Your account has been compromised. May we have your account number so we can get to work on recovering your lost funds?”

But it could also happen in many other ways. An old friend (allegedly) slides into your DMs. Or you open an email that appears to be from your trusted local drugstore saying you’ve won a drawing. These seemingly innocent digital interactions can be attempts to steal your identity or your money.

What is social engineering?

Social engineering—what happens when a fraudster tricks someone into divulging personal information for fraudulent purposes—appeals to your tendency to trust people and things that feel familiar. This means you’re more likely to reveal your personal information to a person posing as an employee of your bank or an administrator from your doctor’s office.

The crucial factor to keep in mind is that these scams are all about psychology and mental manipulation. Social engineering scams are effective because they rely on human error—not sophisticated, unmanned programs designed to hack computer systems.

Read more:  Can your phone get hacked? What you need to know

Social engineering techniques can vary widely, from the examples listed above to fake QR codes, fraudulent push notifications, and even deepfake recordings. It’s become an even bigger problem recently, as our stress levels have risen and money has become tighter. The World Economic Forum’s Global Cybersecurity Outlook 2022 reported that the COVID-19 pandemic—and the shifts in our working habits—have increased social engineering and other cybercrimes.Disclosure 1 And as we spend more of our lives online, the number of social engineering attacks will likely continue to rise.Disclosure 2

One of the best ways to protect yourself from these scams is to do your best to remain calm when confronted with a perceived emergency.

For example, let’s say you get a text from a scammer posing as your bank. The message notifies you that your account has been compromised and they need your account information ASAP. Before you go into panic mode and react without thinking, take a step back. A little pause like this can give you a much-needed gut check. You can second-guess those triggered emotions and ask yourself, “Is this real?”

3 ways social engineering scammers succeed—and how to protect yourself

1. Using your trust as a tool: You trust what you know. So when you hear from an old friend asking you to wire money or a familiar organization wanting to know your password, your natural tendency might be to automatically believe it’s legit. Sadly, 98% of cyber hacks are done via social engineering.Disclosure 3

How to stay safe: To protect yourself from having your trust used against you, you should develop a healthy sense of skepticism whenever you receive messages asking for anything, but especially personal information.

Never reveal your birthday, address, answers to security questions (like your mother’s maiden name), or any account or government-issued numbers (like your Social Security number or driver’s license) on your social media or in response to any call or text.

Making your social media profiles private can also make it harder for social engineering scammers to get your information. If you choose to keep your accounts public, just be mindful of the information you share with the world.

If you get an email from a seemingly familiar company like your phone or internet provider asking for personal information, take a careful look at the sender’s email address. Does it look right, and is it coming from the correct domain? When you hover over any hyperlinks, do they lead to the correct website? To verify if a request for information is legitimate, it’s a good practice to reach out to the company using their publicly posted phone number (try checking the website) and ask a representative to verify the request.

Read more: 9 unexpected tips for protecting your personal data

2. Employing fear tactics: Have you ever gotten a pop-up warning of an alleged virus on your computer? Or maybe you’ve gotten a phone call that’s supposedly from the IRS telling you you’re being audited. Did it make your heart race? Fear is powerful, and it causes us to act impulsively, which is what social engineering scammers are hoping to tap into.

How to stay safe: Don’t let fear tactics scare you into action. Whenever those seemingly urgent “warning” messages show up, take a deep breath and ask yourself if someone might be preying on your emotions. It could be part of a social engineering scam.

You should never immediately trust pop-ups for free software downloads, virus protection programs, or performance accelerators. If you download these programs without first verifying their authenticity, you might be subjecting your computer to unwanted monitoring and an invasion of your privacy and security. Always be sure to carefully read the software’s end user license agreement. Another good idea is to check with people you trust to see if they’re familiar with the software. A quick online search for information can also be helpful—just make sure your sources of information are reputable.

3. Playing off your desires: In this scenario, social engineering appeals to the things you really want: a cash reward, a new job, or even a romantic partner. It can be tempting to click on the message that tells you you’re a big winner, but it’s good to take a step back and verify that it’s not part of a social engineering scam.

How to stay safe: To avoid your desires being used against you, pause and pay attention to your emotions. If it seems too good to be true, it often is. This is another good time to take a closer look at the email address, phone number, or website that the message is coming from—but be careful not to click any links inside emails or text messages you’re not confident about.

Read more:  9 tips to help prevent identity theft and bring peace of mind

What to do if you’re targeted by a social engineering scam

Generally, staying alert and aware can help you avoid falling for social engineering scams—but inevitably, sometimes the scammers will succeed. If you think you’ve been the victim of a social engineering scam, there are a number of things you can do to defend yourself:

  • Contact your financial institutions and credit bureaus and let them know you might’ve been a victim of a scam.
  • If someone’s stolen your card information, freeze your card until you can get a new one.
  • Change your passwords to your online accounts.
  • Check your credit report for fraudulent activity, and check your bank accounts to pinpoint any purchases you didn’t make.
  • Delete any suspicious apps from your phone or computer and run antivirus software if you have it.
  • Let your contacts know you’ve been the victim of a scam and not to interact with any links that might have come from “you.”

At Truist, protecting your information and identity is our priority. We will never send unsolicited emails, texts, or DMs, or call you unexpectedly asking you to provide, update, or verify your personal or account information, such as passwords, Social Security numbers, personal identification numbers (PINs), credit or debit card numbers, or other confidential information.

If you believe your account security has been compromised or have any concerns, call us immediately at 844-4TRUIST (844-487-8478).

Learn more about how Truist protects your accounts, and get helpful tips on steps you can take to protect yourself from fraudsters.

This content does not constitute legal, tax, accounting, financial, or investment advice. You are encouraged to consult with competent legal, tax, accounting, financial, or investment professionals based on your specific circumstances. We do not make any warranties as to accuracy or completeness of this information, do not endorse any third-party companies, products, or services described here, and take no liability for your use of this information.

Related resources

Component ID : "accordionGridLayout-1624256768"
Model : "disclaimer"
Position : "left"

Disclosure  “Global Cybersecurity Outlook 2022: Insight Report,” World Economic Forum, January 2022.

Disclosure Social engineering attacks to dominate Web3, the metaverse,” ZDNet, March 22, 2022.

Disclosure 2021 Cyber Security Statistics: The Ultimate List Of Stats, Data & Trends,” PurpleSec, accessed April 4, 2022.

Disclosures

Truist Bank, Member FDIC. © 2025 Truist Financial Corporation. Truist, the Truist logo, Truist Purple, LightStream, and the LightStream logo are service marks of Truist Financial Corporation.

Equal Housing Lender

Investment and Insurance Products:

  • Are Not FDIC or any other Government Agency Insured
  • Are Not Bank Guaranteed
  • May Lose Value

TRUIST is a service mark of Truist Financial Corporation (Truist) and its affiliates.

Services provided by Truist Financial Corporation (Truist) affiliates: Banking products and services, including loans and deposit accounts, provided by Truist Bank, Member FDIC. Trust and investment management services provided by Truist Bank. Securities, brokerage accounts and /or annuities offered by Truist Investment Services, Inc., an SEC registered broker-dealer, and member FINRA and SIPC, and a licensed insurance agency. Investment advisory services offered by Truist Advisory Services, Inc. and GFO Advisory Services, LLC, SEC registered investment advisers. Some insurance products offered by Truist Investment Services, Inc. Other insurance products offered by McGriff Insurance Services, LLC (McGriff), Kensington Vanguard National Land Services, LLC (Kensington Vanguard) and Crump Life Insurance Services, LLC (Crump). Truist Life Insurance Services (TLIS) is a division of Crump, Arkansas License #100103477. Variable insurance material is for broker-dealer or registered representative use only. Variable products distributed by P.J. Robb Variable (PJRV), LLC, Arkansas License #100110185. Member FINRA.

McGriff, Kensington Vanguard, Crump, TLIS, and PJRV are not affiliated with Truist Financial Corporation or any of its subsidiaries.

Truist Securities is a trademark of Truist Financial Corporation. Truist Securities is a trade name for the corporate and investment banking services of Truist and its subsidiaries. All rights reserved. Securities and strategic advisory services are provided by Truist Securities, Inc., member FINRA and SIPC. Lending, financial risk management, and treasury management and payment services are offered by Truist Bank.

Mortgage products and services are offered through Truist Bank. All Truist mortgage professionals are registered on the Nationwide Mortgage Licensing System & Registry (NMLS), which promotes uniformity and transparency throughout the residential real estate industry. Search the NMLS Registry.

Comments regarding tax implications are informational only. Truist and its representatives do not provide tax or legal advice. You should consult your individual tax or legal professional before taking any action that may have tax or legal consequences.

"Truist Advisors" may be officers and/or associated persons of the following affiliates of Truist, Truist Investment Services, Inc., and/or Truist Advisory Services, Inc. Truist Wealth, International Wealth, Center for Family Legacy, Business Owner Specialty Group, Sports and Entertainment Group, and Legal and Medical Specialty Groups are trade names used by Truist Bank, Truist Investment Services, Inc., and Truist Advisory Services, Inc.

Applications, agreements, disclosures, and other servicing communications provided by Truist Bank and its subsidiary businesses will be provided in English. As a result, it will be necessary for customers to speak, read and understand English or to have an appropriate translator assisting them. Please note that Truist provides translations of webpages, documents and disclosures as a courtesy and in the event of any inconsistencies or discrepancies between the English content and the translated content, the English content supersedes the translation. Truist offers phone support in Spanish at 844-4TRUIST (844-487-8478), option 9. For assistance in other languages, please speak to a representative directly.

New York City residents:

Translation or other language access services may be available. When calling our office regarding collection activity, if you speak a language other than English and need verbal translation services, be sure to inform the representative. A description and translation of commonly-used debt collection terms is available in multiple languages at http://www.nyc.gov/dca.

Borrowers with Limited English Proficiency (LEP) needing information can use the following resources:

The Consumer Finance Protection Bureau (CFPB) also provides additional resources for homeowners seeking payment assistance in select languages at: https://www.consumerfinance.gov/housing/housing-insecurity/help-for-homeowners/

Site footer

Footer Navigation

Banking products
About Truist
Resources
Support

© 2025, Truist. All Rights Reserved.