Social Engineering

Social engineering is a type of fraud that exploits your natural inclination to trust the people you know. These scams can occur online or in person. On social networks and websites, fraudsters posing as your friends and colleagues can fool you into revealing your personal information.

Because social engineering attacks look legitimate, they can be difficult to detect. Learn how to identify this deception and avoid becoming a victim.

Take precautions when communicating with your bank

If you want to communicate with your bank using social media, keep in mind that your posts could become public, even if you protect your posts through your account settings. You shouldn't include any personal, confidential or account information in your posts.

Search for fake accounts in your name

Periodically search to see if someone has created a fake account using your name or personal information on social media. By checking common search engines for your name and keywords or phrases (such as your address), you may turn up evidence that someone is using your information in a dishonest way.

Learn to use privacy settings

Use privacy settings to make your social networks accessible only to people you know. Never make your entire profile visible to everyone. By actively managing your privacy settings, you can help to ensure that your personal information doesn't fall into the wrong hands.

Keep some things to yourself

Avoid posting detailed personal information about yourself, such as your:

  • Full birthday
  • Street address
  • Financial account numbers
  • Government document numbers, such as Social Security, driver's license and passport
  • Information commonly used for security questions, such as your mother's maiden name

A dedicated cybercriminal can learn enough about you through just one or two pieces of sensitive information to steal your identity.

Be suspicious of new connections

Think before you accept a new connection from someone whose name you don't recognize; it could be a fake request. Consider accepting connection requests only from people you've met or from those who were referred by trusted connections.

Pick up the phone

Ignore emails or profile updates that seek private details such as IDs or account numbers. If you think the request might be legitimate, then call the organization—using a number you know to be valid—and offer to answer over the phone.

Beware of software downloads

Download software only from trusted sources—be wary of file-sharing sites or "free" offers. Treat software downloads on social media with the same suspicion as offers received through unsolicited email.

Additionally, some organizations may monitor your Internet behavior through (often free) software downloaded to your computer or public computers. Although you may have intentionally downloaded this software, you may not be aware of the tracking software that comes with it.

Be especially skeptical of downloading software containing offers such as free "virus protection" or "PC performance accelerator." In exchange, you may be compromising the privacy and security of your online financial transactions.

Carefully read the end user license agreement (EULA) covering software to make an informed decision that takes into account any privacy and security issues. Consider asking your friends about software or an app first to learn if they had any problems.

Use security questions wisely

When choosing security questions, you'll want to make sure they can't be easily guessed. For instance, only you and your close friends would know the answer to "What was the name of your first pet?" However, an enterprising fraudster might be able to guess "What was your high school mascot?" or "Who is your favorite superhero?"

Look before you click

Criminals can hide the destination of a link, so even though the text reads "Visit ABC Corp," the link might actually go elsewhere. Mouse over the link and check the information bar at the bottom of your browser to see where it really goes.

Beware of phone and text scams

Criminals also use phone calls and text messages to impersonate someone else and trick you into revealing information. Examples include tax audit, tax refund and tech support scams.

Don't rely on the caller ID display because it can be changed to mask a call's true origin. Criminals can also easily set up a toll-free number with an automated system to gather payment card or Social Security numbers.

Ignore phone calls or text messages that urge you to provide your account number and other personal information to prevent dire consequences like account closing, tax penalties or arrest.

Need help?

If you believe that you may have supplied your account information in response to a social engineering scam, contact your financial institution immediately.

BB&T clients can call 800-BANK-BBT (800-226-5228).

Branch Banking and Trust Company, Member FDIC.