Social engineering: How to spot scammers disguised as friends
Oct. 4, 2023
What we'll cover
The definition of social engineering
Common tactics used by scammers
Ways you can help protect yourself
Email, texting and social media make communication super convenient and easier than ever. But when scammers use these digital tools against you to attempt to gain your trust, your finances could be at risk. The good news? There are proactive steps you can take to help prevent falling victim to these common schemes. Start by taking our social engineering quiz to test your knowledge, then read on to learn about different social engineering scams.
What is social engineering?
Simply put, social engineering is when scammers use deception to obtain personal information from an individual and use it for fraudulent purposes.
Anyone can be a target of a social engineering scam. In 2022, the Federal Trade Commission received more than 2.4 billion fraud reports, which resulted in $8.8 billion lost.
What are some common social engineering tactics?
Scammers can use a number of techniques to swindle you out of money.
The sweetheart scam
Between dating apps and social media, it's easy to find love online. But watch out for con artists who act romantically interested, only to ask for your login information, supposedly so they can give you money, or to ask you to pay for things like plane tickets, surgery, debts or travel documents.
The new account scam
A con artist paying you to open and manage a bank account sounds crazy, but it's actually another social engineering tactic. In this instance, the scammer gets a person to open a new account, then asks them to make deposits, transfer money to others or provide account and routing numbers. The con artist can then write checks without sufficient funds in the account, leaving you, the unsuspecting account owner, holding a bag of expensive overdraft charges.
The overpayment scam
Generally, the scammer pretends to be interested in purchasing anything from a vacation rental or a used car to furniture on an online marketplace. The scammer "accidentally" pays with a check for more than the agreed price and asks you to send back the excess amount. The original check then bounces, and you lose not only the payment and the excess amount you wired, but possibly the sold item as well.
The quid pro quo scam
A fraudster asks for personal information in exchange for a free gift, like a T-shirt or tickets to a show. But the item will usually be fake, poor quality or won't come through at all, allowing them to obtain your valuable personal details.
Phishing scam
Some con artists may hack or send hundreds of emails or texts impersonating reputable companies and banks to obtain usernames, passwords and credit card details. Another method of phishing involves social media email notifications. Once you click, you're taken to a login page where you unknowingly give a cybercriminal control of your account.
Spear phishing scam
By pretending to know you through social media and other online information, a criminal using spear phishing sends you a very specific email or text. They may claim to need money wired for an emergency while traveling overseas or claim they're a loved one with a new phone number.
Vishing scam
Vishing scammers use fraudulent phone numbers and even voice-altering software to pose as reputable companies or individuals to get sensitive personal information. Sometimes hackers use vishing and phishing methods in tandem. For example, fraudsters could pose as a reputable company, like your financial institution, and spoof that company's phone number to try to add legitimacy to the scam.
Pretexting scam
Pretexting is essentially when a scammer poses as a trustworthy person, like a co-worker or bank representative, or even a telemarketer, to gain your trust.
Current event and get-rich-quick scams
Any get-rich-quick promises, low-risk "golden opportunities" and online ads for "new credit identities" could potentially be scams.
Protect yourself against social engineering
To help keep you and your information safe, here are a few rules to keep in mind:
Be wary of anyone you don't know and of any request that makes you feel uncomfortable.
Never give anyone your bank account information, access to your computer or your email login credentials.
Don't take money (e.g., checks or electronic payments) from strangers and transfer that money on their behalf.
Don't download a digital file from someone you don't know or blindly click on a URL on social media apps or in emails.
Double-check that the website name or address doesn't contain spelling errors, distorted logos or strange letters and numbers.
Regular account monitoring can help you spot any fraudulent activity early on. At Ally Bank, we offer our debit card customers the Ally Card Controls app, which allows you to control where and how your card is used and easily monitor your card's activity.
Simply being mindful — and skeptical — about any messages that urge you to take action on something unexpected can help keep your money and bank accounts safe and secure.