Understanding social engineering scams and how to avoid them

Money and Mindset | June 2025

Social engineering is a type of scam used to trick people into sharing sensitive information. Here’s how you can protect yourself—and your finances—by understanding how they work.

The highlights

  • Social engineering is a category of scams that relies on manipulation. Criminals use emotions like trust, fear, desire, and curiosity to trick people into sharing their personal information through emails, text messages, and DMs.
  • Urgent requests for help, poor grammar and spelling, and too-good-to-be-true job offers are common social engineering scams.
  • If you think you've been a victim of a scam, contact your bank and credit card companies, check your credit report, and delete any suspicious apps on your phone.

Sometimes it’s a phone call, or maybe a text from what looks like the official caller ID of a familiar company.

“This is your bank. Your account has been compromised. May we have your account number so we can get to work on recovering your lost funds?”

But it could also happen in many other ways. It could be a direct message from an old friend  asking for your home address so they can send you a wedding invitation. Or maybe it’s an email from a familiar business asking you to click a link to claim a prize. These seemingly innocent digital interactions can be attempts to steal your identity or your money.

Social engineering scams are all about psychology and mental manipulation. They appeal to your tendency to trust people and things that feel familiar, meaning you’re more likely to reveal your personal information to a person posing as an employee of your bank or your doctor’s office. These scams are effective because they rely on human error—not sophisticated, unmanned programs designed to hack computer systems.

Techniques can vary widely, from the examples listed above to fake QR codes and fraudulent push notifications. It’s become an even bigger problem recently, with the rise of deepfake recordings and other AI-driven scams. The FBI warns that criminals are using AI to create fake social media profiles with believable photos and convincing audio and video recordings to impersonate family members, public officials, and company executives.Disclosure 1

The top five scam texts in 2024Disclosure 2

  • Package delivery issues
  • Job offers
  • Bank and Amazon account security alerts
  • Unpaid tolls
  • Wrong numbers

Read more: Can your phone get hacked? What you need to know

Some examples of social engineering include:

  • Phishing: When scammers pretending to be a trusted source send emails and texts that include malicious links in an attempt to trick people into sharing sensitive info like passwords or credit card numbers.
  • Spear phishing: A targeted version of phishing, where attackers personalize messages to specific people using information they found online.
  • Vishing: Scammers posing as officials during phone calls to extract sensitive data.
  • Baiting: Fake offers to entice victims into providing credentials or installing malware.

One of the best ways to protect yourself from these scams is to do your best to remain calm when confronted with a perceived emergency.

For example, let’s say you get a text from a scammer posing as your bank. The message notifies you that your account has been compromised and they need your account information ASAP. Before you go into panic mode and react without thinking, take a step back. A little pause like this can give you a much-needed gut check. You can second-guess those triggered emotions and ask yourself, “Is this real?” Banks, including Truist, will not text or call you to ask for your account information.

Social engineering techniques–and how to avoid them

1. Using your trust as a tool: You trust what you know. So when you hear from an old friend asking you to wire money or a familiar organization wanting to know your password, your natural tendency might be to automatically believe it’s legit. Sadly, 98% of cyber hacks are done via social engineering.Disclosure 3

How to stay safe: To protect yourself from having your trust used against you, you should develop a healthy sense of skepticism whenever you receive messages asking for anything, but especially personal information and money.

Hypothetical example:
Text from a "friend"

"Hey, I’m in trouble. I lost my wallet while traveling and need money to get home. Can you send me $500 through a money transfer app? I’ll pay you back as soon as I can."

Never reveal your birthday, address, answers to security questions (like your mother’s maiden name), or any account or government-issued numbers (like your Social Security number or driver’s license) on your social media or in response to any call or text.

Making your social media profiles private can also make it harder for social engineering scammers to get your information. If you choose to keep your accounts public, just be mindful of the information you share with the world.

If you get an email from a seemingly familiar company like your phone or internet provider asking for personal information, take a careful look at the sender’s email address. Does it look right, and is it coming from the correct domain? When you hover over any hyperlinks, do they lead to the correct website? Other red flags might include messages with poor spelling and grammar, urgent asks for help with limited context, and requests to skip any official communication methods and instead send to them directly. To verify if a request for information is legitimate, it’s a good practice to reach out to the company using their publicly posted phone number (try checking the website) and ask a representative to verify the request.

Read more: 9 unexpected tips for protecting your personal data

2. Employing fear tactics: Have you ever gotten a pop-up warning of an alleged virus on your computer? Or maybe you’ve received a phone call that’s supposedly from the IRS telling you you’re being audited. Did it make your heart race? Fear is powerful, and it causes us to act impulsively, which is what social engineering scammers are hoping to tap into.

Hypothetical example:
Fake pop-up alert

"Warning! Your computer is infected with malware! Immediate action is required to prevent data loss. Call our support team at 1-800-XXX-XXXX for assistance.”

How to stay safe: Don’t let fear tactics scare you into action. Whenever those seemingly urgent “warning” messages show up, take a deep breath and ask yourself if someone might be preying on your emotions. It could be part of a social engineering scam.

You should never immediately trust pop-ups for free software downloads, virus protection programs, or performance accelerators. If you download these programs without first verifying their authenticity, you might be subjecting your computer to unwanted monitoring and an invasion of your privacy and security. Always be sure to carefully read the software’s end user license agreement. Another good idea is to check with people you trust to see if they’re familiar with the software. A quick online search for information can also be helpful—just make sure your sources of information are reputable. Installing a trusted and well-reviewed pop-up blocker and keeping your device software up-to-date can also help minimize exposure to scareware. And never plug any unknown USB drives or devices into your computer—they could contain malware.

3. Playing off your desires: In this scenario, social engineering appeals to the things you really want: a cash reward, a new job, or even a romantic partner. It can be tempting to click on the message that tells you you’re a big winner, but it’s good to take a step back and verify that it’s not part of a social engineering scam.

Hypothetical example:
Text or Linkedln Message

"Job offer!! $100,000/year no experience needed. WFH, make your own hours start immediately.”

How to stay safe: To avoid your desires being used against you, pause and pay attention to your emotions. If it seems too good to be true, it often is. This is another good time to take a closer look at the email address, phone number, or website that the message is coming from—but be careful not to click any links inside emails or text messages you’re not confident about. You could also look up the company or sender’s name online with keywords like “scam” and “fraud.” And search for any reviews or complaints on trusted platforms like the Better Business Bureau (BBB). Reverse image tools can also help you identify fake profiles and photos.

Read more: 9 tips to help prevent identity theft and bring peace of mind

What to do if you’re targeted by a social engineering scam

Generally, staying alert and aware can help you avoid falling for social engineering scams—but inevitably, sometimes the scammers will succeed. If you think you’ve been the victim of a social engineering scam, there are a number of things you can do to defend yourself:

  • Contact your financial institutions and credit bureaus and let them know you might’ve been a victim of a scam.
  • If someone’s stolen your card information, freeze your card until you can get a new one.
  • Update your online accounts with secure passwords for better protection.
  • Check your credit report for fraudulent activity, and check your bank accounts to pinpoint any purchases you didn’t make.
  • Delete any suspicious apps from your phone or computer and run antivirus software if you have it.
  • Let your contacts know you’ve been the victim of a scam and not to interact with any links that might have come from “you.”

At Truist, protecting your information and identity is our priority. We will never send unsolicited emails, texts, or DMs, or call you unexpectedly asking you to provide, update, or verify your personal or acount information, such as passwords, Social Security numbers, personal identification numbers (PINs), credit or debit card numbers, or other confidential information.

If you believe your account security has been compromised or have any concerns, call us immediately at 844-4TRUIST (844-487-8478).

Learn more about how Truist protects your accounts, and get helpful tips on steps you can take to protect yourself from fraudsters.

Next steps

  • Whenever you receive a suspicious call, text, message, or email, trust your gut as a first line of defense. Don’t open any fishy texts or emails—delete them and report them as junk.
  • Take proactive measures to help protect your identity and accounts, like updating account passwords, making your social media accounts private, and regularly checking your credit report and statements for fraudulent activity.
  • If you’re concerned that a scammer has accessed your information, contact your financial institution immediately and follow the other steps above. And if you discover someone could be posing as you, let your friends and family know to help them stay safe.

Related resources

Component ID : "accordionGridLayout-1624256768"
Model : "disclaimer"
Position : "left"

This content does not constitute legal, tax, accounting, financial, investment, or mental health advice. You are encouraged to consult with competent legal, tax, accounting, financial, investment, or mental health professionals based on your specific circumstances. We do not make any warranties as to accuracy or completeness of this information, do not endorse any third-party companies, products, or services described here, and take no liability for your use of this information.

Disclosure 1Criminals Use Generative Artificial Intelligence to Facilitate Financial Fraud,” Internet Crime Complaint Center, December 3, 2024.

Disclosure 2Top text scams of 2024," Federal Trade Commission, April 14, 2025.

Disclosure 315 Types of Social Engineering Attacks," SentinelOne, April 7, 2025.

Disclosures

Truist Bank, Member FDIC. © 2025 Truist Financial Corporation. Truist, the Truist logo, Truist Purple, LightStream, and the LightStream logo are service marks of Truist Financial Corporation.

Equal Housing Lender

Investment and Insurance Products:

  • Are Not FDIC or any other Government Agency Insured
  • Are Not Bank Guaranteed
  • May Lose Value

TRUIST is a service mark of Truist Financial Corporation (Truist) and its affiliates.

Services provided by Truist Financial Corporation (Truist) affiliates: Banking products and services, including loans and deposit accounts, provided by Truist Bank, Member FDIC. Trust and investment management services provided by Truist Bank. Securities, brokerage accounts and/or annuities offered by Truist Investment Services, Inc., an SEC registered broker-dealer, and member FINRA and SIPC, and a licensed insurance agency. Investment advisory services offered by Truist Advisory Services, Inc. and GFO Advisory Services, LLC, SEC registered investment advisers. Some insurance products offered by Truist Investment Services, Inc. Other insurance products offered by Marsh & McLennan Agency, LLC (as successor in interest to McGriff Insurance Services, LLC) CA License #0H18131, Kensington Vanguard National Land Services, and Crump Life Insurance Services. Truist Life Insurance Services (TLIS) is a division of Crump, Arkansas License #100103477. Variable insurance material is for broker-dealer or registered representative use only. Variable products distributed by P.J. Robb Variable, LLC, Arkansas License #100110185. Member FINRA.

Marsh & McLennan Agency LLC, Kensington Vanguard National Land Services, Crump Life Insurance Services, Truist Life Insurance Services, and P.J. Robb Variable, LLC are not affiliated with Truist Financial Corporation or any of its subsidiaries.

Truist Securities is a trademark of Truist Financial Corporation. Truist Securities is a trade name for the corporate and investment banking services of Truist and its subsidiaries. All rights reserved. Securities and strategic advisory services are provided by Truist Securities, Inc., member FINRA and SIPC. Lending, financial risk management, and treasury management and payment services are offered by Truist Bank.

Mortgage products and services are offered through Truist Bank. All Truist mortgage professionals are registered on the Nationwide Mortgage Licensing System & Registry (NMLS), which promotes uniformity and transparency throughout the residential real estate industry. Search the NMLS Registry.

Comments regarding tax implications are informational only. Truist and its representatives do not provide tax or legal advice. You should consult your individual tax or legal professional before taking any action that may have tax or legal consequences.

"Truist Advisors" may be officers and/or associated persons of the following affiliates of Truist, Truist Investment Services, Inc., and/or Truist Advisory Services, Inc. Truist Wealth, International Wealth, Center for Family Legacy, Business Owner Specialty Group, Sports and Entertainment Group, and Legal and Medical Specialty Groups are trade names used by Truist Bank, Truist Investment Services, Inc., and Truist Advisory Services, Inc.

Applications, agreements, disclosures, and other servicing communications provided by Truist Bank and its subsidiary businesses will be provided in English. As a result, it will be necessary for customers to speak, read and understand English or to have an appropriate translator assisting them. Please note that Truist provides translations of webpages, documents and disclosures as a courtesy and in the event of any inconsistencies or discrepancies between the English content and the translated content, the English content supersedes the translation. Truist offers phone support in Spanish at 844-4TRUIST (844-487-8478), option 9. For assistance in other languages, please speak to a representative directly.

New York City residents:

Translation or other language access services may be available. When calling our office regarding collection activity, if you speak a language other than English and need verbal translation services, be sure to inform the representative. A description and translation of commonly-used debt collection terms is available in multiple languages at http://www.nyc.gov/dca.

Borrowers with Limited English Proficiency (LEP) needing information can use the following resources:

The Consumer Finance Protection Bureau (CFPB) also provides additional resources for homeowners seeking payment assistance in select languages at: https://www.consumerfinance.gov/housing/housing-insecurity/help-for-homeowners/

Site footer

Footer Navigation

Banking products
About Truist
Resources
Support

© 2025, Truist. All Rights Reserved.