Sometimes it’s a phone call, or maybe a text. It might even look like the official caller ID of a familiar company.
“This is your bank. Your account has been compromised. May we have your account number so we can get to work on recovering your lost funds?”
But it could also happen in many other ways. An old friend (allegedly) slides into your DMs. Or you open an email that appears to be from your trusted local drugstore saying you’ve won a drawing. These seemingly innocent digital interactions can be attempts to steal your identity or your money.
What is social engineering?
Social engineering—what happens when a fraudster tricks someone into divulging personal information for fraudulent purposes—appeals to your tendency to trust people and things that feel familiar. This means you’re more likely to reveal your personal information to a person posing as an employee of your bank or an administrator from your doctor’s office.
The crucial factor to keep in mind is that these scams are all about psychology and mental manipulation. Social engineering scams are effective because they rely on human error—not sophisticated, unmanned programs designed to hack computer systems.
Social engineering techniques can vary widely, from the examples listed above to fake QR codes, fraudulent push notifications, and even deepfake recordings. It’s become an even bigger problem recently, as our stress levels have risen and money has become tighter. The World Economic Forum’s Global Cybersecurity Outlook 2022 reported that the COVID-19 pandemic—and the shifts in our working habits—have increased social engineering and other cybercrimes.1 And as we spend more of our lives online, the number of social engineering attacks will likely continue to rise.2
One of the best ways to protect yourself from these scams is to do your best to remain calm when confronted with a perceived emergency.
For example, let’s say you get a text from a scammer posing as your bank. The message notifies you that your account has been compromised and they need your account information ASAP. Before you go into panic mode and react without thinking, take a step back. A little pause like this can give you a much-needed gut check. You can second-guess those triggered emotions and ask yourself, “Is this real?”
3 ways social engineering scammers succeed—and how to protect yourself
1. Using your trust as a tool: You trust what you know. So when you hear from an old friend asking you to wire money or a familiar organization wanting to know your password, your natural tendency might be to automatically believe it’s legit. Sadly, 98% of cyber hacks are done via social engineering.3
How to stay safe: To protect yourself from having your trust used against you, you should develop a healthy sense of skepticism whenever you receive messages asking for anything, but especially personal information.
Never reveal your birthday, address, answers to security questions (like your mother’s maiden name), or any account or government-issued numbers (like your Social Security number or driver’s license) on your social media or in response to any call or text.
Making your social media profiles private can also make it harder for social engineering scammers to get your information. If you choose to keep your accounts public, just be mindful of the information you share with the world.
If you get an email from a seemingly familiar company like your phone or internet provider asking for personal information, take a careful look at the sender’s email address. Does it look right, and is it coming from the correct domain? When you hover over any hyperlinks, do they lead to the correct website? To verify if a request for information is legitimate, it’s a good practice to reach out to the company using their publicly posted phone number (try checking the website) and ask a representative to verify the request.
2. Employing fear tactics: Have you ever gotten a pop-up warning of an alleged virus on your computer? Or maybe you’ve gotten a phone call that’s supposedly from the IRS telling you you’re being audited. Did it make your heart race? Fear is powerful, and it causes us to act impulsively, which is what social engineering scammers are hoping to tap into.
How to stay safe: Don’t let fear tactics scare you into action. Whenever those seemingly urgent “warning” messages show up, take a deep breath and ask yourself if someone might be preying on your emotions. It could be part of a social engineering scam.
You should never immediately trust pop-ups for free software downloads, virus protection programs, or performance accelerators. If you download these programs without first verifying their authenticity, you might be subjecting your computer to unwanted monitoring and an invasion of your privacy and security. Always be sure to carefully read the software’s end user license agreement. Another good idea is to check with people you trust to see if they’re familiar with the software. A quick online search for information can also be helpful—just make sure your sources of information are reputable.
3. Playing off your desires: In this scenario, social engineering appeals to the things you really want: a cash reward, a new job, or even a romantic partner. It can be tempting to click on the message that tells you you’re a big winner, but it’s good to take a step back and verify that it’s not part of a social engineering scam.
How to stay safe: To avoid your desires being used against you, pause and pay attention to your emotions. If it seems too good to be true, it often is. This is another good time to take a closer look at the email address, phone number, or website that the message is coming from—but be careful not to click any links inside emails or text messages you’re not confident about.
What to do if you’re targeted by a social engineering scam
Generally, staying alert and aware can help you avoid falling for social engineering scams—but inevitably, sometimes the scammers will succeed. If you think you’ve been the victim of a social engineering scam, there are a number of things you can do to defend yourself:
- Contact your financial institutions and credit bureaus and let them know you might’ve been a victim of a scam.
- If someone’s stolen your card information, freeze your card until you can get a new one.
- Change your passwords to your online accounts.
- Check your credit report for fraudulent activity, and check your bank accounts to pinpoint any purchases you didn’t make.
- Delete any suspicious apps from your phone or computer and run antivirus software if you have it.
- Let your contacts know you’ve been the victim of a scam and not to interact with any links that might have come from “you.”
At Truist, protecting your information and identity is our priority. We will never send unsolicited emails, texts, or DMs, or call you unexpectedly asking you to provide, update, or verify your personal or account information, such as passwords, Social Security numbers, personal identification numbers (PINs), credit or debit card numbers, or other confidential information.
If you believe your account security has been compromised or have any concerns, call us immediately at 844-4TRUIST (844-487-8478).
Learn more about how Truist protects your accounts, and get helpful tips on steps you can take to protect yourself from fraudsters.