
You’ve been chatting with someone on a social media site, and things seem to be going well. So well that you’re already talking finances. The person asks you to conduct a simple transaction at your bank on their behalf. Wanting to build a trusting relationship, you, of course, agree. Things must be serious, right?
In reality, your finances and cybersecurity could be in serious trouble. Not to sound alarmist, but each day, cyber criminals are practicing what’s called social engineering — tactics that deviously manipulate people into compromising their cybersecurity by voluntarily sharing confidential information.
How can you help prevent yourself from falling victim to social engineering? Take an active role in your cybersecurity with proactive steps to inform yourself of the latest social engineering tactics. (A healthy level of skepticism is also good to have.) So, go on, get yourself ready to spot cyberattacks.
What is social engineering?
Simply put, social engineering is when scammers use deception to obtain personal information from a person and use it for fraudulent purposes.
Fraudsters can commit social engineering in numerous ways, but in most instances, they manipulate you into giving them confidential passwords, bank account information, or other sensitive information. They might also ask for access to your computer. If you grant permission, they can gain control of the machine and install malware or software that gives them the ability to see all your account login information and passwords.
Anyone can be a target of a social engineering scam. In 2019, the Federal Trade Commission received more than 1.7 million reports of social engineering fraud, which resulted in $1.9 billion lost. Keep in mind, in some cases, you can be held accountable for the fraud loss and possible “money mule” activity (meaning, the transfer of stolen money) — while the con artist gets away with the money. So, stay vigilant!
And the victims aren’t always who you think. Younger and more savvy people are reporting social engineering more than older counterparts. A recent study from the Federal Trade Commission reveals that millennials in their 20s and 30s are 25% more likely to report money lost to a social engineering attack than people 40 and over. It’s a surprising statistic that demonstrates your cybersecurity should remain a priority regardless of your age.
What are some common social engineering tactics?
You’ve probably heard about the one where an overseas prince named you a beneficiary in their will and needs your financial information to transfer your inheritance. It’s a common social engineering technique.
But you might not be familiar with the following tall tales that scammers hope will swindle you out of thousands, or even tens of thousands, of dollars.
The Sweetheart Scam
Popular online dating sites are where the magic happens these days. And, by their nature, social media sites make it easy to stay in touch with friends while reaching out to meet new ones. But how well do you know the new acquaintance or possible new flame who just friended you? Cyber criminals often use both roles to perpetuate this scheme.
The con artist acts romantically interested in an unsuspecting person but often will say they’re living outside the U.S. for reasons like working on an oil rig, in the military, or as a doctor with an international organization. Once a trusting relationship has developed, romance scammers will ask their targets for money to pay for things like a plane ticket, surgery, gambling debts, or a visa and other travel documents.
These cyber criminals will then ask you to pay by wiring money or with reloadable cards like MoneyPak or gift cards from vendors like Amazon, iTunes, or Steam. Not only are these payment methods major red flags, but they allow the scammers to get cash quickly, remain anonymous, and the transactions are nearly impossible to reverse.
The New Account Scam
Paying someone to open and manage a bank account sounds crazy, but it’s another social engineering tactic and cash grab. A con artist may get a person to open a new account and then ask them to make deposits, transfer money to others, or provide account and routing numbers. At some point, the con artist can then write checks without sufficient funds in the account, leaving the unsuspecting account owner holding a bag of expensive overdraft charges.
The Overpayment Scam
This con can occur with various types of business transactions. Generally, the scammer pretends to be interested in purchasing something the victim (a person or business) has advertised — for instance, a vacation rental or a used car. The scammer “accidentally” pays with a check for more than the agreed price and asks the victim to simply wire the excess amount. Once the victim has done so, the original check will bounce. This might result in the victim losing the payment, the excess amount they wired, and, sometimes, the sold item, too.
The reason this scam can work is because it takes time to realize a check is counterfeit. In addition, wire transfers are especially difficult, if not impossible, to reverse or trace.
The Quid Pro Quo Scam
A quid pro quo scam is exactly what it sounds like: A scammer asks for personal information in exchange for a free gift, like a t-shirt, tickets to a show, or other prize item. In most cases, the “gift” will be fake, won’t come through, or will be poor quality — whatever it is, the scammer makes off with a piece of personal information, and the victim is left to deal with the damage.
Phishing Scam
Some con artists may hack or impersonate email and other electronic communication channels from reputable companies, trustworthy entities, and banks to obtain usernames, passwords, and credit card details. When phishing, hackers cast a wide net, often sending messages to hundreds at a time, and they may use an email address that appears legitimate.
Another popular phishing method on social media starts with a standard email notification: “Somebody just tagged you in some new photos from your recent party.” You click to check it out, which takes you to a Twitter or Facebook login page. You enter your account info, and a cybercriminal now has control of your account with your username and password. How did this happen?
Both the email and the landing page were fake. And that link you just clicked took you to a page that only looked like your intended social site.
Spear Phishing Scam
Spear phishing, in contrast, is highly targeted and focuses on a single individual. Hackers do this by pretending to know you through your social media and other information they find online. It’s much more personal: Well-researched targets receive an email, text, or other electronic communication that appears to be from a known or trusted sender, like a friend.
Often, spear phishing can come in the form of an email that appears to be from a friend claiming that, while traveling overseas, they’ve encountered a problem and need money to be wired (this is a typical red flag) with a promise of repayment when they return. Another common practice is for the hacker to text victims and claim that they are a friend or family member with a new number. And after establishing a level of trust, they may request money or more.
Pretexting
Pretexting is essentially when a scammer pretends to be someone else in order to get information out of a victim. The scammer can pose as a trustworthy person, like a co-worker or bank representative, or they might appear to be a stranger, like a telemarketer. The scammer’s goal with pretexting is to gain the victim’s trust — and unfortunately, they can be quite good at it, so be wary if asked to give any personal information over the phone.
Current Event and Get Rich Quick Scams
Recent times have taught us that would-be fraudsters will leverage current events like COVID-19 and other hardships to appear more legitimate or take advantage of those who are already susceptible.
Any get-rich-quick promises, low-risk “golden opportunities,” and ads across the web and social media for “new credit identities” are most likely scams. Crafty cyber criminals are just exploiting a vulnerability at a time that many people are feeling a monetary squeeze.
Oftentimes, schemers will also leverage new technology like the money-sharing apps Venmo, Cash App, or Zelle, which let you send and receive money through your smartphone. In the case of a scam, you may get an unexpected email or text message that asks you to send money via one of these apps. Before logging into the app to doublecheck your requests, you click the link. But there is no matching request and the email or text is just the latest version of a phishing scam.
How can you protect yourself against social engineering?
Most importantly, be wary of anyone you don’t know and of any request that makes you feel uncomfortable. (Your gut can tell you a lot!) Never give anyone your bank account information, access to your computer, or your email login credentials. Don’t take money (i.e. checks, electronic payments, etc.) from strangers and transfer that money somewhere for them. Apps like Venmo are unlikely to call or email you to request that you provide a password or verification code for your account outside of the app. And downloading a digital file from someone you don’t know or blindly clicking on a shortened, odd URL on Twitter (and other social media sites) is also a no-no.
These scams aren’t sophisticated, so your level of protection is more about paying attention. Data security programs or high-tech measures employed by your financial institutions are important to help protect your digital data. But simply being mindful — and skeptical — about the situation can help keep your money and bank accounts more safe and secure.
If you receive a phone call or an email that sounds similar to one of these popular rip-offs, ask yourself the following questions:
- Do you know this person? Can you confirm their identity?
- Did you meet this person online? Are they trying to manipulate you emotionally (i.e., make you feel sad and/or bad for them)?
- Have you shared any personal account information with them?
- Is the person asking you to send money to them?
- Does the email address seem off? Does the website name or address contain spelling errors or strange letters/ numbers?
- Does what you hear sound too good to be true?
Regular account monitoring is also a good best practice to help you spot any fraudulent activity early on. This process means checking your transactions before that monthly statement rolls into your inbox. To make tracking and monitoring a bit easier, many banks allow you to set up fraud alerts, transaction alerts, and/or card controls.
At Ally Bank, we offer our debit card customers the Ally Card Controls app, which allows you to control where and how your card is used and easily monitor your card’s activity. You can also set up specific merchant categories or transaction type controls, giving you greater control over your card’s activity.
Now that you know what to look out for — you can get back on that social media site armed with a healthy level of skepticism for (and knowledge of) scammers.
Comment on this article
Comments
Ralph C. on October 26, 2018 at 12:38pm
Too long. Tried to cover too much in one e mail.
Lorraine A. on October 26, 2018 at 8:38pm
This security article is a necessary read for everyone. I recognize these scams because people have tried them on me. Some of the scams are very elaborate.
Ally on November 1, 2018 at 10:41am
Hi Ralph, we appreciate hearing your feedback and will share your thoughts with the team.
Ally on November 1, 2018 at 11:26am
Hi Lorraine, we hope you found the article to be helpful! Thanks for sharing your thoughts.
AT on December 17, 2018 at 8:52am
Love this article. Not what I was expecting to see from a bank blog but definitely worth the read
Dennis on April 15, 2019 at 8:58am
Very good info....glad I read it, didn't care how long it was, it was all informational and worthwhile to me. !!
Ally on April 16, 2019 at 12:54pm
Hi Dennis, we love hearing this. Thanks for reading!
Skillet on August 24, 2019 at 7:29pm
I suppose when you grow up with nothing.....you insulate yourself from losing anything. My youngest daughter however, grew up with a level of wealth I could only dream of at her age. Along with her father and I ...her grandparents have been generous. She was scammed buying a car on Ebay. Sent this person $3,000 in gift cards. I nearly had a cow when I found out but she thought she was so smart. (It was her money she lost.) If I have no way of recovering my money (trust is a 4 letter word when it comes to money)....should something go south...Im not about to do it. I have had a couple of folks ask me to cash their checks and Ive had to tell them no....sorry. However, I have offered to help them open a checking/savings account should they feel intimidated doing so. When they turn me down....that lets me know....something is wrong. I agree with the article that younger generation is more apt to be scammed than an older generations....not necessarily because of social media as this articl
Ally on August 28, 2019 at 1:46pm
We’re sorry to hear about what happened to your daughter; thank you for sharing your story.
Steven on October 26, 2020 at 1:20pm
Awareness and knowledge is the key!
Nancy on October 26, 2020 at 1:39pm
Excellent article —All tech users—which is just about everyone—need to know this info. Most all of us have an experience with scammers—the Bonny and Clyde of our times. Once I was phoned with a cruise trip offer which sounded weird because payment was in gift cards—while still on the line I walked to the Police Station and asked them what they thought—the would be crook hung up👍
Luisa G. on October 26, 2020 at 2:40pm
It is good for people to be aware of these risks so they can avoid the danger out their. Thank you
Papa on October 26, 2020 at 2:49pm
So where is the quiz? I answered one question and it vaporized. What gives?
Susan on October 26, 2020 at 3:19pm
I have tried to be scammed on several “dating apps” but thankfully, was smarter than the scammers.
Alexander on October 26, 2020 at 3:27pm
Thank you for useful and on time article.
Ally on October 26, 2020 at 3:28pm
Hi Alexander, thanks for reading.
Ed on October 26, 2020 at 3:34pm
Great information,always good to be reminded,THANKD
Ally on October 26, 2020 at 3:35pm
Hi Ed, thanks for the comment. 😊
Darnell W. on October 26, 2020 at 3:58pm
Good 👍
Shari J. on October 26, 2020 at 4:29pm
Very helpful
Janice C. on October 26, 2020 at 4:50pm
Normaly, I dont take the time out to read these informational email, but I am very glad that I read this one. I learned so much about how to stay alert in protecting my personal information when I am varies online sites.
Ally on October 26, 2020 at 4:51pm
Hi Janice, we’re glad you found this article helpful. Thanks for reading.
Elle D. on October 26, 2020 at 4:56pm
This was a good article, but a bit too long and tried to provide too much information. I don't do Social Media and I do NOT trust anyone. But articles like this are always helpful and informative. Plus, it never hurts to reinforce what you may already know and understand. Plus I love quizzes. Quiz said I was a Regular Cyber Sherlock. Now that was funny. :)
Varneca M. on October 26, 2020 at 5:31pm
Number 7 What are some waring signs of phishing you should recognize? The correct answer if the first and third answers. I got that answer correct but yet it said it was incorrect. I got the answer correct.
Elizabeth S. on October 26, 2020 at 5:36pm
Very good
Albert on October 26, 2020 at 5:37pm
Thanks
Sandra on October 26, 2020 at 6:03pm
This article gave some very interesting and informative information that everyone can use. If more people took the time to read it, maybe there would be less people scammed.
Ally on October 26, 2020 at 6:04pm
Thanks for the comment, Sandra!
Jes S. on October 26, 2020 at 6:05pm
Great article Good sound advice that we constantly need to be reminded of!
Ally on October 26, 2020 at 6:06pm
We appreciate your comment, Jes. Thanks for reading.
John C. on October 26, 2020 at 6:18pm
An excelant reminder of the Scams, etc that invade us each day.
Ally on October 26, 2020 at 6:19pm
Hi John, thanks for reading. We’re happy to hear you enjoyed the article.
Angie on October 26, 2020 at 6:23pm
N/A
Vanessa D. on October 26, 2020 at 6:25pm
Was a long read. Very informative. Never new how much scamming can cause. Thanks for the information. Will be on the lookout.
LudgerLaventure on October 26, 2020 at 6:37pm
very informative! Thanks for sharing.
Joyce on October 26, 2020 at 6:48pm
Nothing I didn't already know. Personally, I am surprised that anyone would fall for any of these obvious scams.
Kim B. on October 26, 2020 at 6:48pm
Thank you this is very informative and I believe that would make great mail for everyone.
Roxann K. on October 26, 2020 at 7:12pm
I definitely need to learn more about how someone can take advantage of me!!!
Jordan S. on October 26, 2020 at 7:15pm
Very good
Carol D. on October 26, 2020 at 7:29pm
I am sorry I haven’t made my payment but I have to wait tell the 3rd of November and then you can take both payment out
Rosalind B. on October 26, 2020 at 7:32pm
These where some interesting quiz questions
Prasanth R. on October 26, 2020 at 7:41pm
I am good with it
Baerbel S. on October 26, 2020 at 7:49pm
In the question about warning signs of phishing , both statement 1 and 3 are warning signs, but you counted this answer (#4) as incorrect.
Jerry W. on October 26, 2020 at 7:52pm
I have never seen anything like it. Thanks, BACON SR
Elisabeth C. on October 26, 2020 at 7:55pm
It was nice having the chance to check my ability to spot malvare
Information on October 26, 2020 at 8:10pm
I thought this article was very informative and useful.
tony on October 26, 2020 at 9:00pm
Picked the right answer for the 3rd question, but the site indicated my response was wrong
Stephanie B. on October 26, 2020 at 9:03pm
Very helpful safety information
Stephanie B. on October 26, 2020 at 9:04pm
Very helpful
Ally on October 26, 2020 at 9:05pm
Thanks for reading, Stephanie.
Dawn on October 26, 2020 at 9:12pm
This article is informative for some, but I really expected a “test” to see how well I could spot a scam, not that lame question at the end. People with common sense usually fair well.
Serena M. on October 26, 2020 at 9:23pm
I always make sure that I delete any unknown emails and I even delete one that just look suspicious. if for some reason I need to check back that some thing was important they will re-email or call very informative. .
Dorothy on October 26, 2020 at 9:42pm
This security article is highly recommended for everyone to read. I shared it with my high school students during class. As a science Instructor, I learned some new things as well. I really want to say thank you, to Ally bank for helping me protect what I worked hard for to survive.
Ally on October 26, 2020 at 9:43pm
We love hearing this, Dorothy. Thank you so much for reading and for sharing.
David M. on October 26, 2020 at 9:49pm
Double-check the response label on question 3. The correct answer (the 4th option: both 1 and 3) is showing as “incorrect”. “ Incorrect Both the first and third answers are correct. If you do some sleuthing, you’ll often find that the web addresses and emails sent from these criminals “gone phishing” may have strange syntax or contain spelling errors when you take a closer look.”
cmacak47 on October 26, 2020 at 10:12pm
Ally, this quiz needs some real work. It skips pages (5-7 and 7-9), then tells my correct answer which is both 1 and three are warning signs is "Incorrect Both the first and third answers are correct. If you do some sleuthing, you’ll often find that the web addresses and emails sent from these criminals “gone phishing” may have strange syntax or contain spelling errors when you take a closer look." Not worth a second look.
Angel S. on October 26, 2020 at 10:35pm
Very informative
Wayne M. on October 26, 2020 at 11:02pm
Since I have had my Cyber Security cert, I recognize some new terms. It shouldn't be a surprise to me to see hackers find new ways to access private information for financial gain. Thank you for the quiz, it has awakened my thinking about securing my information and accounts.
Erika D. on October 26, 2020 at 11:08pm
Thank you
Erika D. on October 26, 2020 at 11:10pm
Thank you for let me know amd for taking this little quiz
David K. on October 27, 2020 at 1:06am
Helpful.
BonnieB on October 27, 2020 at 3:45am
Very useful and never out-of-date information. Every bank account holder should be required to take this quiz upon opening an account, it will serve as a pre-reminder not to share sensitive information with anyone.
Mike S. on October 27, 2020 at 9:06am
I appreciate ALLY's effort to share this information and alert or remind folks of these types of treachery. I am absolutely amazed that it happens to folks. The bottom line is: Not to give personal information or "anything" (money) to anyone who contacted you. If You contact them or go to their known website; you should be okay BUT NEVER clink on a "Provided Link." NO, NO, NO. THANKS ALLY ! !
Eldridge on October 27, 2020 at 9:49am
GREAT info! Young people have to learn.
Werner on October 27, 2020 at 10:22am
Love to take the quiz, but ...! Hovering over the 'Get sleuthing' does not allow me to see on the bottom of the browser where the link behind it would bring me to, so it is unsafe to do it.
John H. on October 27, 2020 at 10:31am
Good article!!
Melissa P. on October 27, 2020 at 10:46am
Thanks for the info and I learned few things in this questionnaire.
Ally on October 27, 2020 at 10:48am
Thanks for taking the quiz, Melissa. Glad you enjoyed it.
Billy M. on October 27, 2020 at 12:22pm
Very informative
Peter on October 27, 2020 at 1:55pm
Do you have 2 factor ID for my account? If not, why not?
Pam D. on October 27, 2020 at 2:24pm
Great information and we must always stay informed. Thank you
Ally on October 27, 2020 at 2:26pm
Thanks for the comment, Pam. 😊
JOE A. on October 27, 2020 at 3:23pm
Thanks Very Much for this article. I've received information like this at work , too.
Ally on October 27, 2020 at 3:24pm
Thanks for reading, Joe Ann. We appreciate the comment.
Francis m. on October 27, 2020 at 4:51pm
Good for members to know
Cheryl C. on October 27, 2020 at 10:06pm
Good job! it may seem a bit long, but it's vital information. Hackers try to get too much money from you if they can, even in one e mail. Thanks Ally. I get the point.
Jeannette P. on October 28, 2020 at 2:01am
I was definitely a victim of the very thing that you were explaining here in this article. My only regret that I did not see or was aware of this article teo Saturdays ago. My account has been truly compromise it was wiped out I'm praying that I can recoup the money from my actions.
Elesabeth on October 28, 2020 at 3:15am
Thank you, this will help me in everything .
william h. on October 28, 2020 at 10:29am
thanks, We have experienced these types of scams before. My wife caught it before anything happened. Can you not say this conversation is being recorded and reported to proper authority.
Tammy L. on October 28, 2020 at 2:43pm
to long get to the survey.
yourself on October 28, 2020 at 8:40pm
Job well done.
JC on October 29, 2020 at 4:33am
You may want to stress to not click on any url that you see in social media or email says it is the login to your bank, social media, or any of your online logins/accounts. Instead manually type in the url or click it from your bookmarked url's.
TiJuana R. on October 31, 2020 at 8:56am
Skipped over some questions
Gayle N. on November 1, 2020 at 11:51am
Very good info,you are right about dating site,I've had about 4 people ask for money in form of iTunes cards.I never ever give strangers online money,
Dovie B. on November 2, 2020 at 3:19pm
I missed two questions which tells me I need to be wary of all scammers.
Oswaldo B. on November 16, 2020 at 4:27am
Thanks for the update. I realize that and I will have to be more careful about it
Ally on November 16, 2020 at 8:29am
Thanks for reading, Oswaldo. We’re glad you found this article helpful.
rosy c. on January 28, 2021 at 3:56pm
good
Keith M. on October 14, 2021 at 11:17am
Excellent article. It was very succinct and well written. Thank you for the information.
Ally on October 14, 2021 at 11:18am
Hi, we’re happy to hear this. Thanks for the great feedback!