Scam Watch: The Rise of Social Engineering Fraud

A new scam technique called social engineering fraud is growing fast. The latest generation of AI tools makes it easier than ever for scammers to impersonate a friend or loved one. Here’s what to watch out for…

In 2023, people in the U.S. reported losing over $12.5 billion to online fraud. This is a big increase from the previous year, showing that these scams are becoming more common. The FBI gathers this information from people who report fraud to their Internet Crime Complaint Center (IC3), which received over 880,000 complaints last year. However, many scams are not reported, so the actual number is likely much higher.

The most common types of scams

Investment fraud: This type of scam led to the most money lost, with $4.57 billion gone. Many of these scams involve fake cryptocurrency investments. Scammers pretend to be friends or family to trick people into investing money.

Business email compromise (BEC): This scam caused $2.9 billion in losses. Scammers hack into business email accounts and pretend to be a trusted person, like a boss, to trick employees into sending money or sensitive information.

Ransomware: Ransomware attacks increased significantly, with nearly $60 million lost. These attacks lock up important computer files until a ransom is paid.

Social engineering: How scammers trick people

Scammers use several techniques to trick people into giving them money or personal information:

1. 1. Insider impersonation:
      • When targeting businesses, scammers pretend to be company employees to get access to important accounts by contacting IT or helpdesk staff
      • When targeting individuals, scammers often use recently-developed AI tools to imitate the voice of a loved one. A desperate call from a grandchild who’s traveling in Mexico and has lost their passport could be the beginning of a swindle.
   2. SIM swapping: Scammers convince phone companies to transfer a victim’s phone number to a new SIM card, allowing them to bypass security measures and access accounts. This allows them to get around security steps like two-factor authentication (“enter the number we just texted you to log in to your account”).
   3. Call forwarding and simultaneous ring: Scammers set up call forwarding to receive verification calls meant for the victim. Instead of the account-holder answering the phone when their bank calls to ask about suspicious activity, the bad guy takes the call, authorizes the charges, and keeps the financial scam moving forward.
   4. Phishing: This is an old trick, almost as old as the internet itself, but it still works… Scammers send fake emails or text messages that look like they come from a trusted source, often a bank or broker or an online payments service like PayPal or Venmo. The message prompts the recipient to click a harmful link that could lead to a fake login page (to capture your credentials) or a more elaborate form designed to collect your personal details.
   5. There’s a lot of jargon surrounding online fraud and scams. Here’s a brief glossary of the various types of phishing:

Spear Phishing: Personalized emails aimed at specific individuals. “Spear” because it’s a highly targeted type of fraud, compared to the more general mass-email types of phishing.

Whaling: Scams specifically targeting high-net-worth individuals, or powerful corporate decision-makers (CEOs and the like).

Vishing: Voice phishing via phone calls. Note these can be particularly concerning, as modern scammers can create convincing simulations of familiar human voices with just a few recorded samples. Since almost everyone these days has some sort of online presence, it’s relatively easy for a scammer to zero in on a particular target and create a phony voice based on nothing more than their voicemail greeting.

Smishing: Phishing through SMS (text messages) – otherwise similar to email-based phishing attempts.

Quishing: Scams using fake QR codes to direct victims to harmful websites, rather than links in an email or text.

Zishing: Using fake video calls to deceive victims. This is relatively rare – thankfully, AI tools have trouble creating a convincing video of a specific person. However this means a video of a phony FBI agent to interact with you on Zoom, which might be enough to convince even the most skeptical person.

How to protect yourself from social engineering scams

Here are some tips to help you stay safe from these scams:

• Be cautious of calls, emails, or texts asking for personal information. If in doubt, contact the company directly using a known phone number.
• Do not log into your bank, brokerage or retirement account by clicking on a link in an email or text! Instead, open a new browser window and type in the URL.
• Use strong, unique passwords and enable multi-factor authentication (MFA) for your accounts.
• We’ve found that a secure password management tool like BitWarden (free) or 1Password ($3/month) make juggling long, complicated passwords a breeze.
• Regularly check your accounts for any suspicious activity. If you do see something you don’t recognize, flag it with your bank/broker immediately.
• Keep your personal information private and avoid sharing it online.
  • By “personal information,” we mean specific identifiable data like:
    • Your full name
    • Your birthday
    • Your Social Security number (or even the last four digits)
    • Your bank account number (routing numbers aren’t private, but the combination of a routing number and your account number can be used to drain your account)
    • Your current address
    • Your mother’s maiden name
      Essentially, the less a scammer knows about you, the more difficult you are to defraud.

What to do if you think you’ve been scammed

A lot of people who’ve fallen for scams report feeling embarrassed or ashamed. Listen: financial fraud wouldn’t be such a huge industry if it wasn’t successful! Don’t let your bad feelings prevent you from taking immediate steps to stop the scammers in their tracks.

• Contact your bank and any other businesses that manage your financial accounts immediately. Believe me, they’ve heard this before and will have steps they can take to lock down your account and minimize potential harm.
• Change your usernames, passwords and any other compromised information like PIN numbers and security phrases. This will likely be part of the steps your bank, credit card company or broker will walk you through.
• Report the scam to the authorities and let your friends and family know about it to prevent them from becoming victims too.
• Start by reporting to your local police or law enforcement – you’ll want a police report
• Report a scam to the Federal Trade Commission (FTC)
• Report online fraud to the Internet Crime Complaint Center (IC3)
• Report Social Security theft or fraud to the Office of the Inspector General

Remember, staying informed and cautious can help protect you from falling victim to even the most sophisticated scams.

Knowing what to look out for is key to defending against most scams. To help you detect and avoid financial scams, Birch Gold Group has pulled together an extensive resource guide that is now available on our website. The Birch Gold Group Scam Protection Resource Guide helps you identify warning signs and provides you with tips on how to avoid fraud.