Illustration of fraudster stealing money using social engineering fraud

Social engineering fraud appeared to be in hibernation mode for a while. But recently, we’ve been seeing this type of financial crime become both a payment and a card issue. Banks must understand the latest social engineering evolutions in order to protect their customers from the scams it enables.

What is Social Engineering Fraud? 

Social engineering fraud is a way for fraudsters to get legitimate customers involved in the fraud by manipulating or coercing them in some way. Fraudsters use a variety of social engineering tactics to manipulate customers based on their personal information. Using phishing phone calls, smishing, or vishing tactics fraudsters can trick their victims into revealing sensitive information about themselves. In some cases, fraudsters simply review their target’s social media profiles to gain their trust. Once they have their target’s personal information, they can craft a personalized narrative that is much more convincing.

From here, fraudsters move from social engineering to scams. Using stolen personal information, fraudsters can now come to victims from a position of trust. For example, the fraudster may pose as a bank official or another party that the customer trusts. That trust can be exploited to scam the customer and manipulate them to commit the scam and send money. By pretending to be a law enforcement official or a bank employee, the fraudster creates a sense of urgency. This helps pressure the victim into believing the scam. Alternatively, the fraudster could convince the customer to divulge sufficient personal information enabling the fraudster to take over their account.

How Social Engineering Fraud is Shifting

Social engineering fraud has traditionally been thought of as payment-type fraud. In other words, a type of payment that customers shouldn’t be making. However, as organizations have tightened their responses to these tactics, we’re now seeing social engineering fraud migrate to card-based channels and social media platforms. 

In this new model, customers are being asked to either reveal their personal information. This includes credit card numbers, phone numbers, or other sensitive information needed to make card-based transactions to merchants that ultimately benefits the fraudster. For example, the fraudster may be profiting from a collusive relationship with the merchant. 

The fraudster may also try to access the goods on the other side. This may involve contacting the merchant and having the goods moved and redirected to the fraudster. Or the fraudster may potentially even intercept the delivery on the way. One obvious way they could do this is to ask for the delivery to be placed at a specific point that the fraudster can access. They realize the customer will give them the dropoff information which enables them to intercept the delivery as a result. 

Banks Need a Cross-channel Fraud Prevention Strategy

Social engineering fraud and the scams it enables are evolving to be both a payments and cards issue is an interesting development. It’s also one that banks must start to address immediately. This starts with customer education.

Education of customers remains vital. But what we’re now seeing is that more cross-channel strategies are going to be massively effective in preventing social engineering fraud. That’s because sometimes the fraudster will initially use somebody’s bank account to gain information, but then may use cards as the transaction vehicle.

As an organization, it’s vital for financial institutions to have a cohesive strategy in place. Wherever possible, financial institutions should look for patterns of merchant-type transactions that might be suspicious not just for that customer, but on an overall basis as well. 

As these techniques evolve, areas such as machine learning, customer profiling, and implementing nimble rule strategies are going to be vital in this defense. So will making sure customers are kept up to date with the latest social engineering fraud and scam threats.