Social Engineering Scams

    The Rising Threat of Social Engineering in Cybercrime

    Have you received a text from your bank asking for all the credentials they already have on file? Or maybe you opened a legitimate website, only to have your device infected with malware. Social engineering scams are the root cause of a vast majority of cybercrimes. Even large corporations are targeted, leaving the entire workforce and client base at risk with a single click. Keep reading to learn more about how cybercriminals conduct social engineering scams and ways to keep yourself safe.

    What Does Social Engineering Mean in Cybercrime?

    Social engineering is the practice of psychologically manipulating individuals to take actions that can be exploited for illicit activities. Unlike hacking, which directly attacks the technical system, social engineering scams rely on fooling the person in charge.

    Our human nature to initially trust the intentions of others leaves us vulnerable to this cerebral subterfuge. We want to believe good offers are real and feel a moral desire to help others. However, you can reduce your chances of falling victim to social engineering scams by understanding their manipulation tactics.

    Common Social Engineering Tricks Used by Cybercriminals

    There are many different ways cybercriminals may try to expose you to their social engineering scams. Read the list below to learn more about these tactics and the crimes they can lead to.

    • Phishing. These are the most common social engineering attacks. Perpetrators will pose as a trusted entity and contact targets to request credentials and other personal information.
    • Pretexting. Scammers will create a fake scenario to gain the target’s trust and extract personal information. For example, they might post a fake job listing.
    • Baiting/Quid Pro Quo. Cybercriminals may lure in their victims through tempting offers. They may strategically place a malware-plagued USB in a public place in the hope that someone will take it.
    • Impersonation/Deepfakes. Cybercriminals use the identity of a real individual through stolen images or digitally created media. This is amplified by the recent explosion of AI technology.
    • Tailgating. This is the least technical form of social engineering. It involves following an authorized employee to bypass security measures and gain access to private information.
    • Physical Social Engineering. This involves posing as an authorized party to bypass security in person. For example, cybercriminals often pretend to be a third-party technician or delivery person.

    The Role of Social Engineering Scams in Larger Cybercrime Operations

    Social engineering scams fuel major cybercrimes. Understanding these schemes and how cybercriminals carry them out is pivotal to protecting yourself from them.

    • Ransomware. Scammers often use information found in data breaches to reach targets with malware-laden phishing emails. These messages contain links and attachments that download malicious programs to the recipient’s device.
    • Account Takeovers. The perpetrator may pose as a bank employee, customer service, tech support, or other trusted authority. They use this guise to steal login credentials and access confidential data.
    • Financial Fraud. In 2018, 97% of thefts from personal bank accounts were linked to social engineering scams. Ironically, one of the more common schemes involves calls warning of false fraudulent charges.
    • Cyber Blackmail. Cybercriminals will employ social engineering to gain their target’s trust and extract personal information that they can leverage.
    • Sextortion. Social engineering scams such as baiting and impersonation allow cybercriminals to coerce their victims into sending explicit content.
    • Romance Scams. Similarly, scammers use baiting and impersonation to pretend to be a romantic interest and extort their victims.

    Real-World Consequences of Social Engineering Scams

    The best way to grasp the potential consequences of social engineering scams is to revisit previous cases. The following examples show just how devastating the fallout can be and how quickly things can snowball.

    Engineering Firm Loses Millions to Deepfake Conference

    Arup Group, the engineering firm responsible for projects such as the Sydney Opera House, lost $25 million to an AI deepfake social engineering scam last year. Criminals were able to generate deepfakes of high-ranking company members and host a fraudulent video conference.

    The employee targeted in the scam expressed skepticism at the initial email requesting secret financial transactions. However, these suspicions were stifled when he joined the video call and saw and heard colleagues that he recognized.

    Ultimately, the social engineering scam resulted in losses totaling 200 million Hong Kong dollars, or roughly $25.6 million USD. According to official police reports, the employee issued the payment over 15 separate transactions.

    Fraudulent Coinbase Imitation Site

    The rapid expansion of cryptocurrency has led to regulation issues and provided a new avenue for social engineering scams. The FTC received over 46,000 reports amassing $1 billion in cryptocurrency lost to fraud from 2021 to 2022.

    In a recent social engineering scam, users of Coinbase, the largest US cryptocurrency exchange, lost over $65 million. Perpetrators sent phishing emails to users under the guise of the official Coinbase communications team. From there, they sent victims to an imitation website, coercing them to transfer funds to wallets they set up.

    Fake Toll Scams

    Another example of social engineering currently plaguing the US is a fake unpaid toll smishing scam. Perpetrators are posing as E-ZPass, contacting individuals through leaked phone numbers and directing them to an imposter website.

    Massachusetts and Maryland specifically have seen a rise in these scams, receiving up to 900 reports per day. The issue became so prevalent that E-ZPass issued a warning in January.

    Keanu Reeves and the AI Matrix

    Romance scams are an ever-common example of social engineering and often target older women. Recently, numerous women have sent thousands of dollars to perpetrators posing as Keanu Reeves. These cases continue to pop up despite his PR team explicitly stating he has no social media presence.

    One woman, going by Chloe, sent almost $750,000 to an AI-generated Reeves in 2024. The scammer requested money for a private jet to travel to her and a special computer to write upcoming scripts.

    Later that year, 67-year-old Kathrine Goodson sent roughly $65,000 to a Reeves impersonator and lost her home. This came after she’d sent $500 to a different scammer posing as Reeves in 2022. The second scammer actually contacted her on a post she made warning others of such cons.

    Currently, a 67-year-old Colorado woman has sent roughly $5,000 and counting in this same scheme. She denies it’s a scam despite widespread coverage, warnings from Reeves’ representatives, and a sit-down interview with CBS Colorado.

    How to Protect Against Social Engineering Scams

    These attacks target both individuals and entire organizations. Protection methods are different depending on the target of the scheme. As such, our experts have compiled the lists below to help individuals and businesses prevent social engineering scams.

    For Individuals

    • Use two-factor authentication (2FA) whenever possible.
    • Don’t trust messages from people you don’t know.
    • Check links before you click.
    • Be skeptical of offers that seem too good to be true.

    For Businesses

    • Train employees to spot scams.
    • Use multi-factor authentication.
    • Perform regular penetration testing to find weak spots.
    • Follow a “zero trust” policy — never assume access should be granted without proof.

    The Future of Social Engineering in Cybercrime

    The advancement of AI used in chatbots, digital media, and synthetic voices has made social engineering scams harder to recognize. The best way to stay safe is by constantly educating yourself on the current best practices in cybersecurity.

    Fortunately, there is a free database of educational material that you can access on our blog page. And if you get lured into a social engineering scam, we know how to help. You can contact us any time to speak with one of our specialists and plan your next steps.



    DISCLAIMER: THIS POST IS FOR INFORMATIONAL PURPOSES ONLY AND IS NOT TO BE CONSIDERED LEGAL ADVICE ON ANY SUBJECT MATTER. DIGITAL FORENSICS CORP. IS NOT A LAW FIRM AND DOES NOT PROVIDE LEGAL ADVICE OR SERVICES. By viewing posts, the reader understands there is no attorney-client relationship, the post should not be used as a substitute for legal advice from a licensed professional attorney, and readers are urged to consult their own legal counsel on any specific legal questions concerning a specific situation.