
August 09, 2023 Security

What Is A Social Engineering Scam?

Like other scams, social engineering scams occur when a criminal tries to take personal and private information from a victim through a series of tricks. The information they are after is usually login credentials, account information, or Social Security numbers. Their hope is to get this information from you and use it to open new accounts or access your existing financial accounts. It is important to know what these scams look like and how you can best avoid them.

What Does A Social Engineering Scam Look Like?

Social engineering scams normally arrive through three channels of communication.

  • Phone Calls: The criminal uses a tactic called “vishing,” making phone calls to gather information from you.
  • Emails: The criminal uses “phishing” emails to gather personal information.
  • SMS Text Messages: The criminal uses “smishing” text messages to ask for verification or private information.

Oftentimes, these scammers will masquerade as an employee from an organization you trust. They will send you messages, ask you for the answers to your security questions, and send you texts to verify your identity. They do all of this in hopes of receiving access to your online banking or financial platform where they can steal your money and personal information. It is important you know how to protect yourself from this new and rising scam.

Common Tactics Used in Social Engineering Scams

In addition to the three primary communication methods mentioned earlier (phone calls, emails, and SMS text messages), social engineering scammers employ various tactics to manipulate individuals into divulging sensitive information. These tactics often play on emotions, urgency, and trust to increase their chances of success. Some common tactics include:

  1. Pretexting: Scammers create a fabricated scenario or pretext to engage victims in conversation. For example, they might pose as a co-worker requesting urgent help or as a service provider requiring personal information for account verification.
  2. Baiting: This tactic involves offering something enticing, like free software downloads or prize winnings, to lure individuals into clicking on malicious links or downloading infected files.
  3. Quid Pro Quo: Scammers promise something in return for sensitive information. For instance, they might claim to offer technical support and request remote access to a victim’s computer under the guise of fixing an issue.
  4. Tailgating: In a physical setting, scammers might follow closely behind an employee entering a secure area, relying on the employee’s inclination to hold the door open without verifying their identity.

How to Protect Yourself From These Scams

There are a variety of things you can do to ensure you do not fall victim to these crimes, no matter how convincing the scam may be.

  1. Understand Some Security Features Are Only for You to Know – Organizations should never ask you for your security answers or one-time passcodes. Those are answers and codes that only you will ever need.
  2. Don’t Click on Links – Links, whether in a text message or email, can download malware onto your device if you are not careful. If you are not expecting an incoming link, do not click on it.
  3. Double-Check Phone Calls If You’re Worried – If you get a message or call about an existing account you have, but did not initiate contact and are unsure of the validity of the message, reach out to the company yourself and ask them if they have sent any communications.
  4. Don’t Trust Caller ID – Scammers are getting better and better at spoofing phone numbers that look like they are coming from your local area. Just because the number shares the same area code as you does not mean that it is a reliable contact.
  5. Hover Over Contact Display Names & Links – In an email, you can hover with your cursor over the contact name of the sender to see what email address they used to send the email. Be aware that emails from official companies should include the company’s name in the email address. The same goes for hyperlinks: hover over the underlined text to see the URL of the page it will send you to, and make sure the page name looks relevant to the hyperlink.
  6. Do Not Give a One-Time Passcode to Anyone – If you receive a call and the person on the line asks for a passcode you have been sent, never give it to them. Institutions will never ask you for a one-time passcode over the phone.
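
The hover check from item 5, automated as an added example (not part of the original article): it compares the sender's real domain with the one expected for its display name, and flags links whose visible text is a web address on a different site than the one they open. KNOWN_SENDERS, the sample message and every domain in it are constructed assumptions.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

KNOWN_SENDERS = {"example credit union": "example.com"}  # assumed allowlist
SAMPLE = """From: Example Credit Union <alerts@example-cu-secure.test>
Content-Type: text/html

<a href="https://example.com.verify-login.test/">www.example.com</a>
<a href="https://www.example.com/help">contact support</a>
"""  # constructed sample message; all names and domains are placeholders

class LinkCollector(HTMLParser):  # gathers [href, visible text] per <a> element
    def __init__(self):
        super().__init__()
        self.links, self.in_a = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self.in_a = True
    def handle_data(self, data):
        if self.in_a:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self.in_a = self.in_a and tag != "a"

def host_of(value):  # hostname of a URL or bare domain, "" if it will not parse
    try:
        host = urlsplit("//" + value.strip().split("://", 1)[-1]).hostname
    except ValueError:
        return ""
    return (host or "").lower().removeprefix("www.")
def same_site(host, domain):  # host is the domain itself or one of its subdomains
    return host == domain or host.endswith("." + domain)

def review(raw):  # what hovering over the sender name and each link would reveal
    msg, findings = message_from_string(raw, policy=policy.default), []
    name, addr = parseaddr(str(msg["From"]))
    expected = KNOWN_SENDERS.get(name.strip().lower())
    if expected and not same_site(host_of(addr.rpartition("@")[2]), expected):
        findings.append(f"sender: '{name}' is really {addr}, expected {expected}")
    collector, body = LinkCollector(), msg.get_body(preferencelist=("html",))
    collector.feed(body.get_content() if body else "")
    for href, text in collector.links:
        shown, actual = host_of(text), host_of(href)  # plain labels have no "."
        if "." in shown and " " not in shown and not same_site(actual, shown):
            findings.append(f"link: shows {shown} but opens {actual or href}")
    return findings
```

Matching on the whole domain is stricter than checking that the company's name appears somewhere in the address, which a look-alike domain can also satisfy.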

Beware of these scams. Do not click links in texts. Do not give out your personal information. Institutions will never text, call, or email you asking for account information.


This article is for educational purposes only. WeStreet makes no representations as to the accuracy, completeness, or specific suitability of any information presented. Information provided should not be relied on or interpreted as legal, tax or financial advice. Nor does the information directly relate to our products and/or services terms and conditions.