Here’s a shocking statistic for you: the FBI says that over 320,000 individuals were victims of a social engineering scam last year, with total losses north of $45 million. And it could be worse than that. The FBI says that many people are too embarrassed or ashamed to admit that they’ve been scammed on social media, so they never report their losses. Thus, social engineering cases are likely heavily underreported.
What’s a social engineering scam?
There’s obviously a lot to unpack here. First of all, what in the world is a social engineering scam? You might be surprised to find out it has absolutely nothing to do with engineering in the traditional sense. Instead, it has to do with the way that social media can “engineer” (i.e. manipulate) certain outcomes by making it appear that messages or responses are coming from a trusted party.
Perhaps the best way to explain this is with a classic example. Out of the blue, you receive an email saying that one of your social media accounts has been hacked. You’re also given a link to click on, and told that you need to verify certain details in order to regain control of your account. But here’s the thing – the whole thing has been an absolute ruse, all designed to get you to provide certain forms of personal information (such as your birthdate, password, or Social Security Number) that you would normally never provide.
Often, there’s some type of time-sensitive messaging included, such that you don’t have a lot of time to think. The scammers don’t want you to realize that the link they have provided is fake, or that the email is coming from an account that has nothing to do with Facebook, X, Instagram, or TikTok.
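The warning signs in this example (a sender address that has nothing to do with the platform, a link that leads somewhere else, and time pressure) can be checked mechanically. The Python below is an added example, not part of the original article; the domain allowlist, the urgency phrases and the sample email are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: illustrative allowlist of domains each platform sends mail from.
BRAND_DOMAINS = {
    "facebook": {"facebook.com", "facebookmail.com"},
    "instagram": {"instagram.com"},
    "tiktok": {"tiktok.com"},
}
# Assumption: a few time-pressure phrases; real filters use larger lists.
URGENCY = re.compile(r"\b(within \d+ hours?|immediately|urgent|final notice)\b")

# Constructed sample: claims to be Facebook, sent and linked from elsewhere.
SAMPLE = """\
From: "Facebook Security" <alerts@fb-account-check.example>
Subject: Your account has been hacked

Verify your details within 24 hours to regain control:
http://facebook.com.verify-login.example/recover
"""

def registrable(host):
    """Last two labels of a hostname (a real tool would use the Public Suffix List)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def phishing_signals(raw):
    """Return the warning signs found in a raw plain-text email."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    body = msg.get_payload()
    text = f"{display} {msg.get('Subject', '')} {body}".lower()
    sender = registrable(addr.rpartition("@")[2])
    signals = []
    for brand, domains in BRAND_DOMAINS.items():
        if not re.search(rf"\b{brand}\b", text):
            continue  # message does not claim to be from this platform
        if sender not in domains:
            signals.append(f"sender {sender} is not a {brand} domain")
        for url in re.findall(r"https?://[^\s<>]+", body):
            host = urlparse(url).hostname or ""
            if registrable(host) not in domains:
                signals.append(f"link {host} is not a {brand} domain")
    if URGENCY.search(text):
        signals.append("time-pressure wording")
    return signals

if __name__ == "__main__":
    print("\n".join(phishing_signals(SAMPLE)))
```

Note that the link in the sample starts with "facebook.com" yet belongs to a different domain, which is why the check compares the end of the hostname rather than searching for the brand name inside it.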
And that’s just a garden-variety social engineering scam. They can get way more complex. For example, some of them are based around your relationships at work. If the scammers can find out the name of your boss, then they can sometimes convince you to carry out certain tasks. You don’t want to be fired, right? But these tasks often require you to divulge sensitive financial information that can later help scammers drain bank accounts.
Tips to protect yourself
This all sounds pretty scary, but there is some good news. There are concrete steps that you can take to protect yourself from a social engineering scam. First and foremost, you should be using 2FA (which is shorthand for “two-factor authentication”). You may not recognize 2FA by its name. But it’s the laborious process of being asked to verify your account first with your email or login information, and then once more with your mobile phone. The thinking here is that a scammer likely has not compromised both your email and your phone.
And, of course, you should always be careful about what you click on, and who you speak to. People may claim to be customer service reps, but they may just be scammers, hoping to get you to provide all kinds of personal information. They will promise to fix everything for you, as soon as you provide some basic information. In some cases, they will offer to help you install screen capture software, so that they can see what’s on your screen. (Yikes!)
A healthy dose of skepticism is always warranted anytime you go on social media. People may not be who they claim to be. If you want to avoid the headache – both psychological and financial – of a social engineering scam, it’s time to become more informed about how to protect yourself today.