Protecting your business against social engineering fraud

Social engineering fraud (SEF) accounts for 98% of all cyberattacks. (Disclosure 1) In their attempts to steal company funds, scammers use deceptive social media posts, voice and text messages, or email phishing attacks. According to the FBI, just one category of social engineering fraud—business email compromise—cost American companies upwards of $50 billion in losses between 2013 and 2022. (Disclosure 2)

Key concepts

In this article, we’ll talk about how to:

  • Understand the threat
  • Recognize common tactics
  • Know the potential targets
  • Set up strong defenses

Social engineering: a quick introduction


[Fraud prevention 101: Social engineering] [Truist logo]

[Social engineering: This scheme is behind most fraudulent attempts.]

Social engineering: /ˈsōSHəl enjəˈni(ə)riNG/ noun (in the context of information security) the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.

Narrator: Social engineering—or psychological manipulation—is the basis for nearly every attempted cyberattack. Cybercriminals can try to trick you into providing private information by offering fraudulent promotions or IT help over the phone or email. Verify any source that requests information from you, and never give out personal, financial, or company details unless you’re already familiar with the person on the receiving end.

[Learn more tips for staying vigilant.]

Truist [logo]

Contact your Truist relationship manager or treasury consultant for more information on fraud protection.

Truist Bank, Member FDIC. © 2024 Truist Financial Corporation.

Truist, the Truist logo and Truist Purple are service marks of Truist Financial Corporation.

[end transcript]

How does social engineering fraud happen?

Social engineering fraud begins with scammers harvesting personal data about your employees, vendors, or customers. Then, they use these details to create a convincing impersonation of an individual your employees trust—with the goal of tricking your team into disclosing sensitive information or clicking on malicious links.

$4.45 million:

The average cost of a social engineering-related breach across U.S. industries (Disclosure 3)

Who does it affect?

Everyone in your organization can be a target of SEF. This type of attack can be directed at one or two key players or a whole team.

Good news: Cybersecurity awareness training really works.

84% of information security and IT professionals say it reduced failure rates during attack simulations and phishing tests. (Disclosure 4)

How to respond.

If personal information is stolen in a social engineering attack, quickly address the data breach and disclose what you’re doing in a way that shows your partners you care for and protect them. (Disclosure 5) Also, let them know how they can help you keep their information safe.

Customers appreciate proactive, transparent communications about data breaches.

Best practices and prevention

Preventing losses from social engineering fraud starts with you—and the processes you put in place to protect your company. Here are several strategies that can help your employees spot and avoid social engineering scams.

Implement a workplace education program.

Train your team to recognize and report suspicious messages, attachments, and links. Create protocols for identifying red flags, reinforce these trainings regularly, and implement programs for new hires.

Run attack simulations on your team.

Regularly expose staff to the latest social engineering techniques in a safe way through mock attacks performed by your IT team. They can trace who fell for tactics like spear phishing or vishing and, crucially, highlight areas where you may need more training and protection.

Investigate and upgrade your tech protection.

Technology like multifactor authentication (MFA) boosts your ability to screen out scams distributed by bots. Tech tools like behavioral biometrics can also help you and your team spot the difference between fraudsters and genuine users.

Go directly to the source.

Are you in doubt about the authenticity of any company communications you’ve received? Reach out to the company directly to verify the origin of any suspicious emails, voicemails, or texts. For example, if the communication claims to be from Truist, you can ask your relationship manager to confirm it’s legitimate before taking any action.

Update your cyber insurance coverage.

If prevention fails and your company is attacked, a social engineering fraud (SEF) insurance policy can help you minimize your losses. Talk to your agent to learn what’s available and what makes the most sense for your business.

FAQs on social engineering fraud


The quality of text, audio, image, and video impersonations created by generative AI varies but is constantly improving. In its early days, photorealistic reproductions of humans proved challenging, with AI often misplacing noses and adding extra fingers to hands. Today, the technology is advancing rapidly. And voice clones have been persuasive enough to trick targets into transferring millions of dollars to scammers.

Companies like Intel, Sentinel, and Microsoft already have products on the market to detect video and image deepfakes. Also in the works are potentially paradigm-shifting initiatives like McAfee’s Project Mockingbird. These and other cutting-edge systems use an array of techniques to successfully identify AI-powered audio impersonations.

This fraud strategy has the potential to threaten all industries. But the possibility for a large financial payoff from a single successful attack has made financial institutions and insurance companies hackers’ prime targets—and has led many big names in those industries to implement AI in cybersecurity countermeasures.

No. A wire transfer is a one-time, fast-moving, domestic or international transaction between two financial institutions that requires higher user fees and is capable of moving large sums of money. ACH transfers are similar but can be set up on a recurring basis, are exclusively domestic, typically move slower than wires, have minimal user fees, and are used in a wider range of transfers, such as bank deposits and peer-to-peer apps like Venmo and Cash App.

Electronic funds transfers, or EFTs, happen whenever money is digitally moved between banks. They occur without the intervention of bank employees, don’t require paper documentation, and are the most common form of bank transfer.

While recovering money from a completed wire transfer is nearly impossible, the transaction can be reversed—if it’s caught and stopped before your account has been debited.

At the federal level, contact the FBI’s Internet Crime Complaint Center (IC3) and the Federal Trade Commission. You’ll need to provide each with a copy of the initial communication—that is, the email (if you were phished) or voice transcript of a call (if you were vished). Also, contact the financial crime department of your State Identification Bureau, as well as local law enforcement.

Turn to professionals for protection.

To learn more about cybersecurity threats and the various types of fraud facing your organization, connect with one of Truist’s relationship managers.
