Fraud | July 2024 How to identify and prevent the most prevalent cyber scam

Protecting your business against social engineering fraud

Social engineering fraud (SEF) accounts for 98% of all cyberattacks.Disclosure 1 In their attempts to steal company funds, scammers use deceptive social media posts, voice and text messages, or email phishing attacks. According to the FBI, just one category of social engineering fraud—business email compromise—cost American companies upwards of $50 billion in losses between 2013 and 2022.Disclosure 2

Key concepts

In this article, we’ll talk about how to:

  • Understand the threat
  • Recognize common tactics
  • Know the potential targets
  • Set up strong defenses

Social engineering: a quick introduction

Component ID : "accordionGridLayout-644423604"
Model : "disclaimer"
Position : "left"

[Fraud prevention 101: Social engineering] [Truist logo]

[Social engineering: This scheme is behind most fraudulent attempts.]

Social engineering: /ꞋsōSHƏl enjƏꞋni(Ə)riNG/ noun (in the context of information security) the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.

Narrator: Social engineering—or psychological manipulation—is the basis for nearly every attempted cyberattack. Cybercriminals can try to trick you into providing private information by offering fraudulent promotions or IT help over the phone or email. Verify any source that requests information from you, and never give out personal, financial, or company details unless you’re already familiar with the person on the receiving end.

[Learn more tips for staying vigilant.]

Truist [logo]

Contact your Truist relationship manager or treasury consultant for more information on fraud protection.

Truist Bank, Member FDIC. © 2024 Truist Financial Corporation.

Truist, the Truist logo and Truist Purple are service marks of Truist Financial Corporation.

[end transcript]

How does social engineering fraud happen?

Social engineering fraud begins with scammers harvesting personal data about your employees, vendors, or customers. Then, they use these details to create a convincing impersonation of an individual your employees trust—with the goal of tricking your team into disclosing sensitive information or clicking on malicious links.

$4.45 million:

The average cost of a social engineering-related breach across U.S. industriesDisclosure 3

Who does it affect?

Everyone in your organization can be a target of SEF. This type of attack can be directed at one or two key players or a whole team.

Good news: Cybersecurity awareness training really works.

84% of information security and IT professionals say it reduced failure rates during attack simulations and phishing tests.Disclosure 4

How to respond.

If personal information is stolen in a social engineering attack, quickly address the data breach and disclose what you’re doing in a way that shows your partners you care for and protect them.Disclosure 5 Also, let them know how they can help you keep their information safe.

Customers appreciate proactive, transparent communications about data breaches.

Best practices and prevention

Preventing losses from social engineering fraud starts with you—and the processes you put in place to protect your company. Here are several strategies that can help your employees spot and avoid social engineering scams.

Implement a workplace education program.

Train your team to recognize and report suspicious messages, attachments, and links. Create protocols for identifying red flags, reinforce these trainings regularly, and implement programs for new hires.

Run attack simulations on your team.

Regularly expose staff to the latest social engineering techniques in a safe way through mock attacks performed by your IT team. They can trace who fell for tactics like spear phishing or vishing and, crucially, highlight areas where you may need more training and protection.

Investigate and upgrade your tech protection.

Technology like multifactor authentication (MFA) boosts your ability to screen out scams distributed by bots. Tech tools like behavioral biometrics can also help you and your team spot the difference between fraudsters and genuine users.

Go directly to the source.

Are you in doubt about the authenticity of any company communications you’ve received? Reach out to the company directly to verify the origin of any suspicious emails, voicemails, or texts. For example, if the communication claims to be from Truist, you can ask your relationship manager to confirm it’s legitimate before taking any action.

Update your cyber insurance coverage.

If prevention fails and your company is attacked, a social engineering fraud (SEF) insurance policy can help you minimize your losses. Talk to your agent to learn what’s available and what makes the most sense for your business.

FAQs on social engineering fraud

Component ID : "faq-1301646222"
Model : "faq"
Position : "left"

Turn to professionals for protection.

To learn more about cybersecurity threats and the various types of fraud facing your organization, connect with one of Truist’s relationship managers.

The power of partnership.

Purple PaperSM

The power of partnership

Our latest Purple PaperSM focuses on how Truist Business Lifecycle Advisory can benefit your business today, tomorrow, and beyond.

Download the Purple Paper (PDF)
Client stories

Supporting a future focused advisory firm through accelerated growth

Helping a repair service entrepreneur flip the switch on business transition

Paving the way to growth for an infrastructure innovator

Stay informed and get connected

Looking for fresh thinking and new insights to help uncover opportunities for your business needs?

Connect with a Relationship Manager

Unlock greater value with an experienced partner. We’re ready to focus on the specific needs of your company—and where you are in your business lifecycle.

*This form is for prospects. Truist clients should contact their relationship manager with inquiries related to commercial products and services.

Contact us

Helpful links

Business Insights
Truist Business Lifecycle Advisory
Business Resource Center
Sign up for monthly articles on Business Insights

Sign up to receive our business insights, thought leadership, and client success stories that can help inspire your next bold business move.

Please enter a first name
Please enter a last name
Please enter a valid email address
Please enter a company name
I'm also interested in: Please select a campaign option
Component ID : "accordionGridLayout-1396148670"
Model : "disclaimer"
Position : "left"

Disclosure1 “What Is Social Engineering, opens in new tab,” Proofpoint, accessed June 17, 2024.

Disclosure2 “Business Email Compromise: The $50 Billion Scam, opens in new tab,” Federal Bureau of Investigation, June 9, 2023.

Disclosure3 “Cost of a Data Breach Report 2023, opens in new tab,” IBM Security, 2023.

Disclosure4 “2022 State of the Phish Report Explores Increasingly Active Threat Landscape, Importance of People-Centric Security, opens in new tab,” Proofpoint, February 22, 2022.

Disclosure5 “A new approach to fighting fraud while enhancing customer experience, opens in new tab,” McKinsey & Company, November 8, 2022.

Disclosures

Truist Bank, Member FDIC. © 2024 Truist Financial Corporation. Truist, the Truist logo and Truist Purple are service marks of Truist Financial Corporation.

Equal Housing Lender

Investment and Insurance Products:

  • Are Not FDIC or any other Government Agency Insured
  • Are Not Bank Guaranteed
  • May Lose Value

TRUIST is a service mark of Truist Financial Corporation (Truist) and its affiliates.

Services provided by Truist Financial Corporation (Truist) affiliates: Banking products and services, including loans and deposit accounts, provided by Truist Bank, Member FDIC. Trust and investment management services provided by Truist Bank. Securities, brokerage accounts and /or annuities offered by Truist Investment Services, Inc., an SEC registered broker-dealer, and member FINRA and SIPC, and a licensed insurance agency. Investment advisory services offered by Truist Advisory Services, Inc. and GFO Advisory Services, LLC, SEC registered investment advisers. Some insurance products offered by Truist Investment Services, Inc. Other insurance products offered by McGriff Insurance Services, LLC (McGriff), Kensington Vanguard National Land Services, LLC (Kensington Vanguard) and Crump Life Insurance Services, LLC (Crump). Truist Life Insurance Services (TLIS) is a division of Crump, Arkansas License #100103477. Variable insurance material is for broker-dealer or registered representative use only. Variable products distributed by P.J. Robb Variable (PJRV), LLC, Arkansas License #100110185. Member FINRA.

McGriff, Kensington Vanguard, Crump, TLIS, and PJRV are not affiliated with Truist Financial Corporation or any of its subsidiaries.

Truist Securities is a trademark of Truist Financial Corporation. Truist Securities is a trade name for the corporate and investment banking services of Truist and its subsidiaries. All rights reserved. Securities and strategic advisory services are provided by Truist Securities, Inc., member FINRA and SIPC. Lending, financial risk management, and treasury management and payment services are offered by Truist Bank.

Mortgage products and services are offered through Truist Bank. All Truist mortgage professionals are registered on the Nationwide Mortgage Licensing System & Registry (NMLS), which promotes uniformity and transparency throughout the residential real estate industry. Search the NMLS Registry.

Comments regarding tax implications are informational only. Truist and its representatives do not provide tax or legal advice. You should consult your individual tax or legal professional before taking any action that may have tax or legal consequences.

"Truist Advisors" may be officers and/or associated persons of the following affiliates of Truist, Truist Investment Services, Inc., and/or Truist Advisory Services, Inc. Truist Wealth, International Wealth, Center for Family Legacy, Business Owner Specialty Group, Sports and Entertainment Group, and Legal and Medical Specialty Groups are trade names used by Truist Bank, Truist Investment Services, Inc., and Truist Advisory Services, Inc.

Applications, agreements, disclosures, and other servicing communications provided by Truist Bank and its subsidiary businesses will be provided in English. As a result, it will be necessary for customers to speak, read and understand English or to have an appropriate translator assisting them. Truist offers the following resources for consumers that have Limited English Proficiency:

  • Multilingual teammates available at our Multicultural Banking Centers
  • Materials for some products and services are available in Spanish, Korean, Vietnamese, Mandarin, and other languages spoken in the communities we serve.
  • Phone assistance in Spanish at 844-4TRUIST (844-487-8478), option 9. For assistance in other languages please speak to a representative directly.

New York City residents:

Translation or other language access services may be available. When calling our office regarding collection activity, if you speak a language other than English and need verbal translation services, be sure to inform the representative. A description and translation of commonly-used debt collection terms is available in multiple languages at http://www.nyc.gov/dca.

  • Limited English Proficiency Support
  • New York City residents

Borrowers with Limited English Proficiency (LEP) needing information can use the following resources:

Site footer

Footer Navigation

Banking products
About Truist
Resources
Support

© 2024, Truist. All Rights Reserved.