What is Social Engineering Fraud? The Basics of How a Social Engineering Scheme Works
What is Social Engineering Fraud? Definitions & Overview
Businesses rely on trust. To a great degree, you need to trust that your employees, vendors, and customers are legitimate, fair, and honest.
Many third parties are trustworthy. But… some are not.
To exploit your trust, swindlers will often imitate the legitimacy of your genuine counterparts, and then layer on tactics like urgency and pressure to get you to act. In this chapter, we take a closer look at social engineering fraud and why it’s so insidious.
Social Engineering
Psychological influence and deception can cause you to voluntarily and unknowingly give up your credentials to bad actors. Here’s how to protect yourself against social engineering attacks.
What is Social Engineering?
Social Engineering [noun] /sow • shl • en • juh • neer • uhng/
Social engineering attacks occur when a fraudster impersonates a trusted individual, such as a representative from a billing department or an employer. This is done to convince the victim to release important proprietary information, like passwords or account numbers.
Essentially, social engineering is a confidence scam: it is based entirely on trust. The social engineer will choose a victim, earn their confidence, and then attempt to trick that individual into providing confidential information. This generally works through four basic principles:
- Confidence: Social engineers may pretend to be someone you trust, or impersonate an authority figure (a boss, government official, etc.).
- Consensus: Using peer pressure or social proof to push someone into acting against their own best interests.
- Familiarity: Faking an emotional connection to manipulate victims into acting; a dating (romance) scam is a typical example.
- Urgency & Scarcity: Injecting a sense of urgency into requests or conversations, in the hope of rushing victims into acting without thinking.
Social engineers will generally target victims through email, online direct messages, text messages, or even phone calls. Unfortunately, these scams become more frequent and cast a broader net every year.
How Social Engineering Tactics Work
Social engineers target the human element by manipulating victims through persuasion, fear, urgency, and outrage.
According to a report by Splunk, as many as 98% of all cyberattacks involve some sort of social engineering. Common social engineering vectors, like phishing, are unfortunately a dime a dozen: 94% of businesses reported phishing attempts in 2024.
As mentioned above, the name of the social engineering game is persuasion. For instance, if someone you don’t know emails you from an unrelated business demanding you change your business login credentials, you’re not likely to follow those instructions. However, if the scammer is able to pose as someone you know and trust, like your manager or boss, it’s much easier for them to convince you. This is the genius of social engineering.
A lack of investigation and critical thinking is the entire goal of social engineers. They aim to manipulate you into making a mistake through heightened emotions. Inciting anger or outrage, for instance, is one of the easiest ways to make someone act without thinking. The same applies to fear: the implied threat that you might lose your position, account, or status if you fail to follow instructions.
Recently, the so-called “Look Who Died” scam has been widely circulated on Facebook and TikTok. Using this particularly cruel tactic, social engineers target victims with a message claiming that a friend or loved one has died, along with a link. When the victim clicks the malicious link, their profile is compromised.
Without some form of emotional manipulation, social engineers would struggle to connect with their victims. It’s a lot easier to “hack” a person’s feelings than a complex series of security measures.