Protecting your business against social engineering fraud

Social engineering fraud (SEF) accounts for 98% of all cyberattacks. [Disclosure 1] In their attempts to steal company funds, scammers use deceptive social media posts, voice and text messages, or email phishing attacks. According to the FBI, just one category of social engineering fraud—business email compromise—cost American companies upwards of $50 billion in losses between 2013 and 2022. [Disclosure 2]

Key concepts

In this article, we’ll talk about how to:

  • Understand the threat
  • Recognize common tactics
  • Know the potential targets
  • Set up strong defenses

Social engineering: a quick introduction


[Fraud prevention 101: Social engineering] [Truist logo]

[Social engineering: This scheme is behind most fraudulent attempts.]

Social engineering: /ˈsōSHəl enjəˈni(ə)riNG/ noun (in the context of information security) the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.

Narrator: Social engineering—or psychological manipulation—is the basis for nearly every attempted cyberattack. Cybercriminals can try to trick you into providing private information by offering fraudulent promotions or IT help over the phone or email. Verify any source that requests information from you, and never give out personal, financial, or company details unless you’re already familiar with the person on the receiving end.

[Learn more tips for staying vigilant.]

Truist [logo]

Contact your Truist relationship manager or treasury consultant for more information on fraud protection.

Truist Bank, Member FDIC. © 2024 Truist Financial Corporation.

Truist, the Truist logo and Truist Purple are service marks of Truist Financial Corporation.

[end transcript]

How does social engineering fraud happen?

Social engineering fraud begins with scammers harvesting personal data about your employees, vendors, or customers. Then, they use these details to create a convincing impersonation of an individual your employees trust—with the goal of tricking your team into disclosing sensitive information or clicking on malicious links.

$4.45 million: the average cost of a social engineering-related breach across U.S. industries. [Disclosure 3]

Who does it affect?

Everyone in your organization can be a target of SEF. This type of attack can be directed at one or two key players or a whole team.

Good news: Cybersecurity awareness training really works.

84% of information security and IT professionals say it reduced failure rates during attack simulations and phishing tests. [Disclosure 4]

How to respond.

If personal information is stolen in a social engineering attack, quickly address the data breach and disclose what you’re doing in a way that shows your partners you care for and protect them. [Disclosure 5] Also, let them know how they can help you keep their information safe.

Customers appreciate proactive, transparent communications about data breaches.

Best practices and prevention

Preventing losses from social engineering fraud starts with you—and the processes you put in place to protect your company. Here are several strategies that can help your employees spot and avoid social engineering scams.

Implement a workplace education program.

Train your team to recognize and report suspicious messages, attachments, and links. Create protocols for identifying red flags, reinforce these trainings regularly, and implement programs for new hires.

Run attack simulations on your team.

Regularly expose staff to the latest social engineering techniques in a safe way through mock attacks performed by your IT team. They can trace who fell for tactics like spear phishing or vishing and, crucially, highlight areas where you may need more training and protection.

Investigate and upgrade your tech protection.

Technology like multifactor authentication (MFA) boosts your ability to screen out scams distributed by bots. Tech tools like behavioral biometrics can also help you and your team spot the difference between fraudsters and genuine users.

Go directly to the source.

Are you in doubt about the authenticity of any company communications you’ve received? Reach out to the company directly to verify the origin of any suspicious emails, voicemails, or texts. For example, if the communication claims to be from Truist, you can ask your relationship manager to confirm it’s legitimate before taking any action.

Update your cyber insurance coverage.

If prevention fails and your company is attacked, a social engineering fraud (SEF) insurance policy can help you minimize your losses. Talk to your agent to learn what’s available and what makes the most sense for your business.

FAQs on social engineering fraud


SEF is any cyberattack in which malicious actors harvest an employee’s personal information, use those details to impersonate a colleague or authority figure, and then try to manipulate the employee into carrying out fraud.

The most common forms of SEF are phishing (email-based), vishing (voice message-based), and smishing (SMS or text messaging-based).

Ransomware is a form of malicious software, or malware, that, when installed on your system, locks up your computer network until a sum of money is paid.

Multifactor authentication is a multistep sign-in process often used to access sensitive information like company networks and bank accounts. To start, MFA users usually enter sensitive information like a password or use biometrics like face or voice recognition. This triggers the MFA system to send a confirmation message via an authenticator app, text, or email. Having more than one virtual door to unlock makes it harder for a hacker to gain access.
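The "more than one virtual door" idea in this answer can be seen in code. The following is an added illustration written for this page, not Truist's code and not a description of any Truist system: a login check that only succeeds when both a password and a time-based one-time code (the kind an authenticator app shows) are correct. The one-time code arithmetic follows RFC 4226 (HOTP) and RFC 6238 (TOTP); the user store, salt, password, seed and timestamp are constructed sample values (the seed is the RFC 4226 test seed).

```python
"""Two-factor login check: password (door 1) plus a time-based one-time
code (door 2). Added illustration for this article, not Truist's code.
HOTP/TOTP arithmetic per RFC 4226 / RFC 6238; all data below is sample data."""
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, then dynamic truncation."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    binary = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the clock (30 s steps)."""
    return hotp(secret, unix_time // step)


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; the iteration count is a sample parameter."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


# Constructed sample user store: salted password hash plus a per-user TOTP seed.
SALT = b"constructed-salt"
USERS = {
    "alice": {
        "pw_hash": hash_password("correct horse battery", SALT),
        "totp_secret": b"12345678901234567890",  # RFC 4226 test seed, sample only
    }
}


def verify_login(username: str, password: str, code: str, now: int) -> str:
    """Return 'ok' only when BOTH factors check out; otherwise the reason.
    Every comparison is constant-time so timing does not leak which part failed."""
    user = USERS.get(username)
    if user is None:
        return "unknown-user"
    # Door 1: the password (compared as hashes).
    if not hmac.compare_digest(hash_password(password, SALT), user["pw_hash"]):
        return "bad-password"
    # Door 2: the one-time code, tolerating one 30 s step of clock skew either way.
    for skew in (-1, 0, 1):
        expected = totp(user["totp_secret"], now + skew * 30)
        if hmac.compare_digest(expected.encode(), code.encode()):
            return "ok"
    return "bad-code"


if __name__ == "__main__":
    t = 1_700_000_000  # constructed timestamp
    good = totp(USERS["alice"]["totp_secret"], t)
    print(verify_login("alice", "correct horse battery", good, t))  # ok
    print(verify_login("alice", "wrong password", good, t))         # bad-password
    print(verify_login("alice", "correct horse battery", good, t + 90))  # bad-code
```

A phished password alone yields "bad-password" or "bad-code", never "ok": the attacker would also need the live one-time code, which expires within the skew window. Real deployments add rate limiting on failed attempts and replay protection (a code should be accepted once per step), which this short example omits.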

Pretexting occurs when scammers use a false narrative to gain a victim’s trust and manipulate them into sharing sensitive personal information, downloading ransomware, or engaging in acts that defraud your company. Scammers often pose as a company executive, vendor, partner, employee, or member of a regulatory body and then infuse their pretext with a sense of urgency that intimidates the target into compliance.

Turn to professionals for protection.

To learn more about cybersecurity threats and the various types of fraud facing your organization, connect with one of Truist’s relationship managers.
