Understanding social engineering scams and how to avoid them

Money and Mindset | June 2025

Social engineering is a type of scam used to trick people into sharing sensitive information. Here’s how you can protect yourself—and your finances—by understanding how they work.

The highlights

  • Social engineering is a category of scams that relies on manipulation. Criminals use emotions like trust, fear, desire, and curiosity to trick people into sharing their personal information through emails, text messages, and DMs.
  • Urgent requests for help, poor grammar and spelling, and too-good-to-be-true job offers are common signs of social engineering scams.
  • If you think you've been a victim of a scam, contact your bank and credit card companies, check your credit report, and delete any suspicious apps on your phone.

Sometimes it’s a phone call, or maybe a text from what looks like the official caller ID of a familiar company.

“This is your bank. Your account has been compromised. May we have your account number so we can get to work on recovering your lost funds?”

But it could also happen in many other ways. It could be a direct message from an old friend asking for your home address so they can send you a wedding invitation. Or maybe it’s an email from a familiar business asking you to click a link to claim a prize. These seemingly innocent digital interactions can be attempts to steal your identity or your money.

Social engineering scams are all about psychology and mental manipulation. They appeal to your tendency to trust people and things that feel familiar, meaning you’re more likely to reveal your personal information to a person posing as an employee of your bank or your doctor’s office. These scams are effective because they rely on human error—not sophisticated, unmanned programs designed to hack computer systems.

Techniques can vary widely, from the examples listed above to fake QR codes and fraudulent push notifications. It’s become an even bigger problem recently, with the rise of deepfake recordings and other AI-driven scams. The FBI warns that criminals are using AI to create fake social media profiles with believable photos and convincing audio and video recordings to impersonate family members, public officials, and company executives. [Disclosure 1]

The top five scam texts in 2024 [Disclosure 2]

  • Package delivery issues
  • Job offers
  • Bank and Amazon account security alerts
  • Unpaid tolls
  • Wrong numbers


Some examples of social engineering include:

  • Phishing: When scammers pretending to be a trusted source send emails and texts that include malicious links in an attempt to trick people into sharing sensitive info like passwords or credit card numbers.
  • Spear phishing: A targeted version of phishing, where attackers personalize messages to specific people using information they found online.
  • Vishing: Scammers posing as officials during phone calls to extract sensitive data.
  • Baiting: Fake offers to entice victims into providing credentials or installing malware.

One of the best ways to protect yourself from these scams is to do your best to remain calm when confronted with a perceived emergency.

For example, let’s say you get a text from a scammer posing as your bank. The message notifies you that your account has been compromised and they need your account information ASAP. Before you go into panic mode and react without thinking, take a step back. A little pause like this can give you a much-needed gut check. You can second-guess those triggered emotions and ask yourself, “Is this real?” Banks, including Truist, will not text or call you to ask for your account information.

Social engineering techniques–and how to avoid them

1. Using your trust as a tool: You trust what you know. So when you hear from an old friend asking you to wire money or a familiar organization wanting to know your password, your natural tendency might be to automatically believe it’s legit. Sadly, 98% of cyber hacks are done via social engineering. [Disclosure 3]

How to stay safe: To protect yourself from having your trust used against you, you should develop a healthy sense of skepticism whenever you receive messages asking for anything, but especially personal information and money.

Hypothetical example:
Text from a "friend"

"Hey, I’m in trouble. I lost my wallet while traveling and need money to get home. Can you send me $500 through a money transfer app? I’ll pay you back as soon as I can."

Never reveal your birthday, address, answers to security questions (like your mother’s maiden name), or any account or government-issued numbers (like your Social Security number or driver’s license) on your social media or in response to any call or text.

Making your social media profiles private can also make it harder for social engineering scammers to get your information. If you choose to keep your accounts public, just be mindful of the information you share with the world.

If you get an email from a seemingly familiar company like your phone or internet provider asking for personal information, take a careful look at the sender’s email address. Does it look right, and is it coming from the correct domain? When you hover over any hyperlinks, do they lead to the correct website? Other red flags might include messages with poor spelling and grammar, urgent asks for help with limited context, and requests to skip any official communication methods and instead send to them directly. To verify if a request for information is legitimate, it’s a good practice to reach out to the company using their publicly posted phone number (try checking the website) and ask a representative to verify the request.


2. Employing fear tactics: Have you ever gotten a pop-up warning of an alleged virus on your computer? Or maybe you’ve received a phone call that’s supposedly from the IRS telling you you’re being audited. Did it make your heart race? Fear is powerful, and it causes us to act impulsively, which is what social engineering scammers are hoping to tap into.

Hypothetical example:
Fake pop-up alert

“Warning! Your computer is infected with malware! Immediate action is required to prevent data loss. Call our support team at 1-800-XXX-XXXX for assistance.”

How to stay safe: Don’t let fear tactics scare you into action. Whenever those seemingly urgent “warning” messages show up, take a deep breath and ask yourself if someone might be preying on your emotions. It could be part of a social engineering scam.

You should never immediately trust pop-ups for free software downloads, virus protection programs, or performance accelerators. If you download these programs without first verifying their authenticity, you might be subjecting your computer to unwanted monitoring and an invasion of your privacy and security. Always be sure to carefully read the software’s end user license agreement. Another good idea is to check with people you trust to see if they’re familiar with the software. A quick online search for information can also be helpful—just make sure your sources of information are reputable. Installing a trusted and well-reviewed pop-up blocker and keeping your device software up-to-date can also help minimize exposure to scareware. And never plug any unknown USB drives or devices into your computer—they could contain malware.

3. Playing off your desires: In this scenario, social engineering appeals to the things you really want: a cash reward, a new job, or even a romantic partner. It can be tempting to click on the message that tells you you’re a big winner, but it’s good to take a step back and verify that it’s not part of a social engineering scam.

Hypothetical example:
Text or LinkedIn message

“Job offer!! $100,000/year no experience needed. WFH, make your own hours start immediately.”

How to stay safe: To avoid your desires being used against you, pause and pay attention to your emotions. If it seems too good to be true, it often is. This is another good time to take a closer look at the email address, phone number, or website that the message is coming from—but be careful not to click any links inside emails or text messages you’re not confident about. You could also look up the company or sender’s name online with keywords like “scam” and “fraud.” And search for any reviews or complaints on trusted platforms like the Better Business Bureau (BBB). Reverse image tools can also help you identify fake profiles and photos.


What to do if you’re targeted by a social engineering scam

Generally, staying alert and aware can help you avoid falling for social engineering scams—but inevitably, sometimes the scammers will succeed. If you think you’ve been the victim of a social engineering scam, there are a number of things you can do to defend yourself:

  • Contact your financial institutions and credit bureaus and let them know you might’ve been a victim of a scam.
  • If someone’s stolen your card information, freeze your card until you can get a new one.
  • Update your online accounts with secure passwords for better protection.
  • Check your credit report for fraudulent activity, and check your bank accounts to pinpoint any purchases you didn’t make.
  • Delete any suspicious apps from your phone or computer and run antivirus software if you have it.
  • Let your contacts know you’ve been the victim of a scam and not to interact with any links that might have come from “you.”

At Truist, protecting your information and identity is our priority. We will never send unsolicited emails, texts, or DMs, or call you unexpectedly asking you to provide, update, or verify your personal or account information, such as passwords, Social Security numbers, personal identification numbers (PINs), credit or debit card numbers, or other confidential information.

If you believe your account security has been compromised or have any concerns, call us immediately at 844-4TRUIST (844-487-8478).

Learn more about how Truist protects your accounts, and get helpful tips on steps you can take to protect yourself from fraudsters.

Next steps

  • Whenever you receive a suspicious call, text, message, or email, trust your gut as a first line of defense. Don’t open any fishy texts or emails—delete them and report them as junk.
  • Take proactive measures to help protect your identity and accounts, like updating account passwords, making your social media accounts private, and regularly checking your credit report and statements for fraudulent activity.
  • If you’re concerned that a scammer has accessed your information, contact your financial institution immediately and follow the other steps above. And if you discover someone could be posing as you, let your friends and family know to help them stay safe.