Friday, 6 August 2021

The internet has connected the world like never before and ushered in a new era of global communication and information sharing.

Unfortunately, it has also opened a Pandora's box of criminal activity.

Today, more than 50 percent of the world's population uses the internet. In America, more than 85 percent — more than 330 million people — are online. That gives cyber criminals relatively easy access to hundreds of millions of targets for their digital deception, commonly referred to as social engineering.

What is social engineering?

When used in reference to cybercrime, social engineering is the act of deceiving or manipulating someone into providing personal information intended to be used for fraudulent purposes. It's called social engineering because criminals use human instincts and emotions — trust, fear, curiosity, greed and a desire to help others — to manipulate victims into doing what they ask.

According to one survey, 43 percent of Americans have been the victim of some type of cybercrime, with 64 percent being scammed out of $1,000 or more. And as the COVID-19 pandemic continues to drive Americans to the internet for everything from grocery shopping to work meetings, social engineering has become an even greater problem for U.S. consumers and companies.

Common types of social engineering

While there are many different kinds of digital scams out there — and more are being devised every day — these are some of the most commonly used social engineering schemes right now:

  • Phishing: Deceptive emails, websites, chat or text messages designed to trick people into giving out personal or financial information. They frequently look like communications from a trusted source, like a company or organization with whom the victim has a relationship. They will often request information related to the victim's account and have a sense of urgency, as in “you must do this now to protect your account.”
  • Other phishing attacks — also using emails and texts — aim to infect the user's computer with malware, which is malicious software that will damage the user in some way.
  • Spear phishing: While regular phishing emails are typically sent to a mass audience, spear phishing targets an individual or specific group. Often hackers scan the intended target's social media feed to find some bit of information they can use to make the attack seem more authentic and personal.
  • Vishing and smishing: These are phishing attacks via voice call (vishing) and SMS text (smishing).
  • Scareware: Communications that mislead the victim into believing their computer or device is infected with malware, then offer to remove the bad software for a fee.
  • Baiting: Emails, texts, chats and web ads that offer a prize or reward for clicking a link or downloading an attachment. Common rewards include free music downloads or gift cards. Baiting can be used to get the victim to provide information or to infect their computer with malware.
  • Quid Pro Quo: Like baiting, these communications request information in exchange for some service or benefit. An example would be an offer of free technical support if you provide your login credentials.
  • Pretexting: With pretexting, the hacker often poses as an authority figure, such as a police officer or investigator. The initial text or email is intended to start a conversation with the victim with approaches like “I need your help” or “Are you available?” If the victim responds, the hacker will then make some kind of request for information, direct the victim to a website or even ask the victim to send money.

How to protect yourself from social engineering scams

While infecting computers with malware is the aim of some hackers, the majority of social engineering scams are trying to get the victim's personal or financial information. With that in mind:

  • Aggressively protect your personal information. Whether you're online, in person or on the phone, you should always be overly cautious when it comes to sharing any personal or financial information. This includes protecting documents, mail, your driver's license, Social Security card or anything that contains personal information.
  • Be suspicious of all electronic communications requesting information or asking you to perform a task. When a legitimate company needs information, you will typically be directed to a secure site and be asked to log in using your credentials. A secure site will start with “https,” not “http,” and will also have the closed padlock icon to the left of the URL. Keep in mind that “https” and the padlock show only that the connection is encrypted, not that the site belongs to the company it claims to be, so check the domain name in the address bar as well. If you are unsure of an email's legitimacy, contact the company directly — but not by replying to the email. Reach them through their website or call a number you have looked up yourself. And never send personal information in emails.
  • Keep your software updated. Many software updates include security upgrades, so it's wise to install the updates when they are available. Installing anti-virus software and using email filters can protect you from some malicious communications. Many browsers and email programs also offer anti-phishing features you can activate.

Social engineering scams aren't going away any time soon. In fact, they're likely to become more commonplace and more sophisticated. That makes it all the more important to exercise extreme caution with your information and also develop a healthy sense of skepticism about any and all digital communications.


The content provided is for informational purposes only. Neither BBVA USA, nor any of its affiliates, is providing legal, tax, or investment advice. You should consult your legal, tax, or financial consultant about your personal situation. Opinions expressed are those of the author(s) and do not necessarily represent the opinions of BBVA USA or any of its affiliates.