What are social engineering scams and how do they happen?
Social engineering fraud refers to any type of scam where fraudsters use psychological tricks to exploit your trust and con you into handing over confidential information or transferring money to them.
Social engineering scams are commonly done via fake phone calls (vishing), texts (smishing), emails (phishing) and social media accounts.
Often, scammers will impersonate someone you know. They may also pretend to be someone from a trusted organisation such as a bank, postal service, utility company or tax authority to obtain confidential information from you. They might even pretend to be from Skrill.
In some cases, fraudsters will hack into someone’s social media or email account to harvest their contacts. They’ll then get in touch with the victim’s friends and family pretending to be them and ask for account information or card details.
Whatever their line of attack, the aim of a social engineering fraudster is to gain your trust so that they can successfully pressure, manipulate or trick you into handing over information or making an urgent payment.
Some scammers cast a wider net to catch as many victims as possible. To do this they might post adverts on social media platforms or set up legitimate-looking websites that promote risk-free investments, exclusive offers or free products. To gain access, you must hand over your payment details.
When you’ve been scammed, these goods or promises don’t materialise, and the fraudster now has your financial information.
What happens if you fall victim to a scam?
If you fall victim to a scam, you may not realise it until the fraudster starts to use the information they’ve collected. Signs that a scammer has gotten hold of your credentials include:
- Transactions on your account statements that you don’t recognise
- Having a lump sum taken from your account
- Receiving bills or invoices for things you haven’t purchased
- A rejection for credit despite having a good credit history
- Not receiving goods or services that you’ve paid for
How to avoid being scammed
Here are some of the most important things you need to do to protect your information and keep your money safe:
- Always be suspicious of offers that seem too good to be true and never buy into get-rich-quick schemes
- Never give someone you don’t know information about your identity
- Keep your banking, card and account information secure and don’t share it with anyone, including your financial provider
- Do not transfer money to anyone who’s putting you under pressure
- Never share your PIN, passwords or one-time passcodes
- Always verify a company’s credentials before handing over any money or payment details
- Don’t rush into buying something because it has been advertised as time-limited
- Log on to websites directly. Don’t use links sent in emails, texts or on social media platforms
- Don’t give information to people or entities that contact you out of the blue
- Check communications for spelling, grammar and language errors
- Make sure you always log off or sign out of websites and accounts
Vulnerable people and the elderly are more susceptible to falling for scams, so are often targeted by fraudsters. If you’re worried that you or someone you care about is vulnerable to financial fraud, get in touch with your local social services for help and support.
What to do if you see - or are a victim of - a social engineering scam
If you’re a victim, get in touch with your financial provider to let them know what’s happened so they can secure your money, replace your cards and set up additional security measures on your accounts. Make sure you reset all your passwords so scammers can’t access your accounts.
You should also report fraud to the police or your local law enforcement. If you’re based in the UK, you can report scams to Action Fraud UK, or to the cybercrime unit of your national police force if you’re based outside of the UK.